Senior Manager, Insider Risk - Asset Protection (Global Security)

About The Position

Requirements

• Minimum 5+ years of progressive experience in risk management, control design, or internal audit within a financial institution.
• Demonstrated experience reviewing logs, identifying suspicious patterns, and validating the completeness and accuracy of logging configurations is required.
• Understanding of log retention policies, log integrity mechanisms, and how to leverage logs for forensic investigations and incident response.
• Comprehensive understanding of data protection risks, exposures, and effective controls to mitigate them, specifically in financial services environments.
• Knowledge of data classification frameworks, access control principles, data residency requirements, and regulatory compliance obligations (PIPEDA, PCI-DSS).
• Hands-on experience with logging, monitoring, and detection technologies across enterprise applications.
• Practical knowledge of SIEM (Security Information and Event Management) platforms, log aggregation tools, and monitoring solutions.
• Demonstrated expertise in identifying control gaps, designing compensating controls, and implementing sustainable risk mitigation strategies
• Advanced proficiency in developing and maintaining risk metrics, KPIs, and performance dashboards for executive-level risk reporting and governance forums.
• Experience with tools such as Tableau, Power BI, Excel
• Excellent stakeholder management and communication skills- must be comfortable presenting risk findings and recommendations to executives, challenging gaps, and building consensus around remediation timelines

Nice To Haves

• Knowledge of insider threat management, behavior-based monitoring, and detection technologies
• Industry-related certifications ( CISSP, CISA, CRISC)

Responsibilities

• Identify insider threat vulnerabilities and control gaps across the organization, with particular focus on unauthorized access, data snooping, and non-business use of systems
• Assess the effectiveness of existing logging and monitoring controls and evaluate risk exposure related to data access, privileged user activities, and sensitive system usage
• Conduct regular reviews of higher-risk application areas (including "crown jewels") to ensure compliance with protections, policies, and standards and verify appropriate user activity logging for investigation support
• Establish baseline metrics and KRIs (Key Risk Indicators) for control effectiveness and conduct regular testing of logging systems (integrity, completeness, accuracy)
• Monitor alert thresholds, investigate control failures, and perform independent testing and validation of monitoring systems to ensure continued effectiveness
• Identify and address logging and monitoring gaps across all applications; assess risks from gaps (account takeover, unauthorized client record access) and implement strategies to mitigate
• Track and manage issues and findings to ensure timely remediation; assign clear ownership of logging responsibilities and hold stakeholders accountable for gap resolution
• Report on control performance, metrics, to risk committees, governance forums, and executive stakeholders; present risk assessments and control recommendations across different lines of business
• Collaborate with senior managers and cross-functional teams to establish consistent reporting structures and ensure standardized monitoring approaches
• Act as a trusted partner to business and application stakeholders while maintaining objectivity; develop strong relationships with risk and operational partners across the organization

Benefits

• bonuses
• flexible benefits
• competitive compensation
• commissions
• stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services
• Opportunities to do challenging work