Manager, Technology Risk and Controls

About The Position

Requirements

• 8–10 years of experience in financial services or another regulated industry.
• 8–10 years of progressive experience in technology risk, information security, regulatory compliance, or IT governance.
• Bachelor's degree in computer science, Information Systems, Engineering, or related field, or equivalent experience.
• Strong understanding of technology risk, information security, Enterprise Risk Management framework, and regulatory requirements (e.g., OSFI, CIRO), as well as industry standards (COBIT, NIST, ISO, SOC 2).
• Proven ability to analyze and translate risks in a business context.
• Demonstrated continuous improvement mindset.
• Excellent written and verbal communication skills.
• Strong stakeholder management skills, with the ability to influence and build consensus.
• Intellectual curiosity and commitment to ongoing learning in technology and risk governance.
• Understanding of large enterprise operating models in regulated environments.

Nice To Haves

• 3–5+ years of leadership experience (preferred).
• Understanding PowerBI and automation tools or platforms would be an asset.
• Preferred certifications: CISA, CRISC, CISM, or CISSP.
• Experience with GRC tools (e.g., ServiceNow IRM, MetricStream).

Responsibilities

• Own and deliver portfolio-level risk profiles by consolidating risk and security insights across assets, initiatives, and key domains, including Cyber/Information Security, Technology Operations, and Technology Delivery.
• Develop and maintain standardized, executive-ready risk reporting, including KRIs/KPIs, thematic risk views, issue trends, policy exceptions, and control health indicators.
• Drive end-to-end governance of portfolio risk reporting, ensuring data quality, integrity, and consistency across inputs from multiple stakeholders and process owners.
• Partner with technology process owners, data owners, and delivery teams to ensure timely, accurate, and complete inputs into risk reporting.
• Act as a central coordination point across Technology, ISTR, Audit, and second line of defense (2LOD) functions, ensuring alignment and a consistent risk narrative.
• Engage with 2LOD oversight functions to incorporate independent challenge and regulatory expectations into reporting outputs.
• Collaborate with SMEs across CIO and CISO organizations to align risk reporting with enterprise priorities and emerging risk themes.
• Present portfolio risk posture, key themes, and emerging risks to senior leadership, demonstrating strong executive presence and influencing decision-making.
• Provide effective review and challenge of risk inputs (e.g., issues, audit findings, control statements) to ensure accuracy and completeness in executive reporting.
• Continuously enhance reporting capabilities through automation, visualization, and improved storytelling.
• Promote a transparent, risk-aware culture by improving visibility and understanding of technology and information security risks.
• Assist with internal policy risk assessments to ensure compliance with standards and regulations.
• Assist with internal, external and regulatory audit responses, including stakeholder engagement and evidence collection.

Benefits

• Career Development: Opportunities for career advancement, access to industry-leading learning programs and up to $2,000 annually towards education reimbursement.
• Health & Wellness: Flexible health and dental benefits, plus a $5,000 mental health benefit to support your well-being.
• Time Off: In addition to regular vacation and personal days, we support community involvement with a volunteer day.
• Financial Security: Company-matching pension plan, share ownership program and additional investment options.
• Rewards and Recognition: Employee recognition programs, service milestone celebrations, employee discounts and more!
• Emphasis on Community: We provide a workplace where employees feel connected and supported through Employee Resource Groups (ERGs), mentorship programs, social clubs and events.