Principal, IT & Cyber Governance, Risk and Control

About The Position

Requirements

• 5 to 7 years of experience in Information Technology, Cyber Security, Internal Audit, Risk Management and/or Compliance in a financial institution.
• 3 to 5 years of hands-on information technology or security operations experience.
• Holds one or a combination of CISA, CRISC, CISM, CGEIT or equivalent.
• Knowledge and experience working with data, security, compliance and privacy laws in the Canadian investment and banking industry.
• Experience writing or updating IT and Security procedures.
• Experience building key performance and risk indicator dashboards for different management levels.
• Experience with assessment and review of SOC 1 and 2 reports.
• Knowledge of a broad set of industry best practices (COBIT, ITIL, NIST CSF, Cloud CSC, Agile SAFE, PCI-DSS, etc.)
• Exposure to financial industry business processes.
• Exposure to enterprise and operational risk principles and practices.
• Exposure to risk scenario analysis, risk quantification and loss event modeling.
• Experience with using compliance automation tools.
• Strong written, oral communication and interpersonal skills.
• Ability to communicate with individuals at all levels of the organization.
• Highly curious, self-motivated and directed.
• Project Management proficiency.
• Proven Governance, Risk and Control knowledge.
• Strong attention to detail and proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Experience working independently and a team-oriented, collaborative environment.
• Ability to conduct research and present insights succinctly.

Responsibilities

• Lead the continuous monitoring and coordination of control-evidence collection and assurance, leveraging automation and innovative GRC solutions to streamline these processes, while also spearheading complex, high-impact control risk assessments and assurance reviews for critical existing IT & Cyber processes and all new strategic initiatives.
• Drive the strategic design, implementation, and rigorous testing of technology & cybersecurity controls in deep partnership with cross-functional teams to achieve and maintain compliance with target frameworks (e.g., SOC 2, SOC 1, OSFI B-13).
• Lead all regulatory compliance-related initiatives, including conducting formal gap assessments against control frameworks (e.g., SOC 1 & SOC 2 readiness, OSFI B-13, etc) for new and existing policies and technologies.
• Manage and serve as the primary point of contact for all internal, external, and regulatory audit and attestation engagements ensuring successful evidence submission and positive assurance outcomes.
• Take ownership of and execute complex, ad-hoc, high-priority activities that require immediate control implementation or assurance validation due to emerging threats or critical business needs.
• Maintain and actively apply a thorough, expert-level understanding of core GRC Frameworks (SOC 2, ISO 27001, etc.) to strategically and effectively drive control implementation and assurance activities.
• Maintain expert subject matter knowledge and awareness of new and pending legislative, legal, and statutory changes as they translate into new or updated control requirements across GRC frameworks.
• Act as a trusted advisor in technology and cyber projects as well as working groups, providing expert GRC counsel on best practices and mandatory requirements during the entire product development and deployment lifecycle.

Benefits

• Health & wellbeing resources and programs
• Paid vacation, personal, and sick days for work-life balance
• Competitive compensation and benefits packages
• Career growth and development opportunities
• Opportunities to contribute to community causes