Manager, Technology Governance & Controls

About The Position

Requirements

• Minimum 5 years of progressive experience in Technology Risk, Information Security, or IT Infrastructure/Architecture, ideally within a regulated financial environment.
• Strong understanding of cybersecurity and technology risk domains (risk assessment, incident response, network security, cloud security, and regulatory expectations).
• Familiarity with regulatory and industry frameworks such as OSFI B‑13, NIST CSF, ISO 27001, CIS Controls, SOC 1/SOC 2, and Cyber/Tech Risk Management practices.
• Hands‑on experience with platforms such as Archer, Jira, Confluence, and ServiceNow.
• Strong understanding of cloud environments — Azure required, AWS an asset.
• University degree in Computer Science, IT, Risk Management, or related discipline; professional certifications (CISSP, CISA, CRISC, CISM) preferred.

Nice To Haves

• Strong analytical, communication, and stakeholder‑management skills with the ability to influence across diverse teams.
• Knowledge of key cybersecurity trends (e.g., ransomware, attack frameworks, zero trust, AI‑driven threats) and emerging cloud‑native technologies (serverless, container orchestration, OT, AI‑focused systems, fintech).
• Ability to assess technical controls across network, infrastructure, and cloud environments and evaluate related risks.
• Understanding of Generative AI foundations, principles, and tools.
• Flexible and adaptable to change.
• Superior influencing and negotiation skills; strong consensus‑building abilities.
• Demonstrated thought leadership in technology risk and control practices.
• Service‑oriented and collaborative mindset with emphasis on trust‑building.
• Accountability, transparency, and strong follow‑through in performance.
• Persistent in driving efficiencies, process improvements, and strategic enhancements.
• Strong industry awareness and understanding of standard processes.

Responsibilities

• Perform information risk assessments in alignment with global methodologies, policies, and standards across new and existing tools, technologies, and business areas.
• Recommend new or enhanced security controls to strengthen enterprise security.
• Collaborate with developers, engineers, and support teams to implement and automate security controls, including cloud and container security within CI/CD pipelines.
• Perform and maintain RCSAs by evaluating control design and effectiveness, identifying gaps or emerging risks, and partnering with SMEs on remediation and documentation updates.
• Develop and support corrective action plans for key controls or measures where deficiencies are identified.
• Collaborate with ETS cloud, architecture, IT Asset Management, Infrastructure, Line 2, and control owners to ensure effective execution of risk processes and alignment with enterprise governance standards.
• Partner with Line 3 Audit and SMEs to gather/validate evidence, coordinate audit responses, challenge findings, and track deliverables throughout the audit lifecycle.
• Govern, operate, and mature the organizational technology risk management program, including reporting program status and key risk metrics.
• Review and maintain current knowledge of Information Risk Standards and Technology Risk Policies.

Benefits

• health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans.
• various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources.
• generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence.