Director, Enterprise Risk Management – IT Security & Cyber Risk

Sagen, Oakville, ON
CA$160,000 - CA$175,000, Hybrid

About The Position

Sagen is seeking a Director, Enterprise Risk Management – IT Security & Cyber Risk to lead and strengthen the Company’s management and oversight of IT, cyber security, and emerging risks, including AI risks. This role involves driving change in governance, methodology, metrics, reporting, and risk analysis. The Director will serve as the key liaison with the Technology team, ensuring timely identification, prioritization, and communication of key IT and Cyber Risks in alignment with OSFI Guideline B-13, other regulatory requirements, and the organization’s risk appetite. This position is to fill an existing vacancy.

Requirements

  • University degree in science, technology, business management, economics, accounting, engineering, or mathematics.
  • 10+ years of risk management experience in the financial services industry, including strong knowledge of the regulatory environment and requirements.
  • 10+ years’ experience, specifically within risk management of Information Technology and Cybersecurity, controls risk quantification.
  • Strong understanding and working experience in Information Technology Operations.
  • In-depth knowledge of NIST, ISO 17799, ITIL, COBIT and other IT Operation specific industry frameworks.
  • Experience using GRC risk management tools.
  • Strong team player who is a resourceful and proactive self-starter, demonstrating the ability to lead and execute change initiatives.
  • Demonstrated strength in working independently, managing deliverables, resolving issues, and recommending solutions by applying risk-based thinking rather than a compliance-only approach, while seeking guidance on the most complex situations.
  • Proven project management skills and strong organizational skills with the ability to manage multiple priorities and manage concurrent deadlines.
  • Strong communication skills (verbal, written and presentation) with the ability to influence internal/external stakeholders and exchange information to clearly articulate and translate risks into organizational impact.
  • Demonstrated ability to work well under pressure while maintaining a high level of professionalism.

Nice To Haves

  • Professional certifications and membership of associations such as CRISC, CISA, CISSP, CISM, etc. are an asset.

Responsibilities

  • Development and implementation of IT and Cybersecurity Risk Management programs, including the implementation of an IT & Cyber risk management application within our Governance Risk and Compliance system.
  • Develop processes and procedures, and provide ongoing support to business functions, to appropriately identify, assess, measure, and manage IT and Cyber Security risk (Risk and Control Self Assessments, control effectiveness testing, etc.).
  • Conduct analysis of threat and vulnerability scenarios which may impact IT systems and business processes, and ensure risks are operating within Sagen risk appetite limits.
  • Support risk assessment of all new initiatives, projects, and changes as they relate to technology-related risks.
  • Development and presentation of IT, Cyber, AI and IT Risk reporting and measurement for decision making of the Senior Leadership Team (Risk Appetite Statements, KRIs, thresholds, tolerances).
  • Serve as subject matter expert in the development of IT and Cyber Security Risk policies, frameworks, standards, and risk and control objectives consistent with OSFI B-13 domains and in response to internal and external threats, regulatory requirements, and changes in the IT risk landscape.
  • Coordinate regulatory requests for information and assist with Internal Audit Reviews (as they relate to IT controls).
  • Maintain awareness of and monitor significant risk and control issues within the business; monitor and report the status and appropriateness of remediation actions.
  • Provide evidence-based independent second-line oversight and effective challenge to ensure sound management of IT, Cyber, AI and Cloud risk.
  • Responsible for third-party risk assessments and security reviews.
  • Provide second-line oversight and report on all technology-related incidents.
  • Oversee and challenge the Disaster Recovery program/scenarios as well as alignment with Business Continuity.
  • Research and provide thought leadership on current and emerging IT, Cyber Security, AI risks and effective risk management practices, regulatory guidelines, and publications.
  • Promote Sagen’s risk culture awareness, with a focus on operational resilience in an environment of open communication and effective challenge.
  • Maintain strong internal and external relationships and networks to continuously improve risk programs.

Benefits

  • Competitive compensation
  • Annual performance bonus
  • Medical and dental benefits
  • Company funded pension plan
  • Matching RRSP, TFSA and/or Non-registered Savings Plans
  • Work from anywhere days
  • An environment that creates a sense of belonging