System Governance Specialist

Ontario Securities Commission, Toronto, ON
Hybrid

About The Position

The Ontario Securities Commission (OSC) is seeking a System Governance Specialist to report to the Chief Technology Officer. This role is crucial for enhancing the organization's control environment by integrating audit, risk, and technology functions. The ideal candidate will possess hands-on audit experience and strong technical skills to interpret audit findings, identify control gaps, and implement remediation actions across systems and platforms. This position is responsible for establishing and managing a comprehensive governance function within Information Services & Digital Solutions (ISDS), combining execution with strategic advice. The role acts as a central hub for audit, risk, and control activities, translating these inputs into actionable insights for ISDS leadership to guide prioritization, trade-offs, and operational strategies. Beyond coordinating technology governance processes like risk registers, audit coordination, and reporting, this role proactively identifies systemic risks, challenges assumptions, and offers recommendations to improve control effectiveness, enhance resilience, and align technology risks with enterprise risk visibility. The goal is to ensure technology risk is not only well-governed but also meaningfully integrated into the overall enterprise risk landscape, complementing Enterprise Risk Management and Internal Audit, and influencing outcomes across both.

Requirements

  • Hands-on audit experience
  • Strong technical acumen
  • Ability to interpret audit findings
  • Ability to assess control gaps
  • Ability to drive meaningful remediation actions across systems and platforms
  • Experience establishing and operating a cohesive governance function
  • Experience translating inputs into clear, decision-ready insight
  • Experience identifying systemic risks
  • Experience challenging assumptions
  • Experience providing actionable recommendations
  • Experience strengthening control effectiveness
  • Experience improving resilience
  • Experience aligning technology risks with enterprise risk visibility
  • Experience with risk registers
  • Experience with audit coordination
  • Experience with reporting
  • Experience advising on risk acceptance, mitigation strategies, and residual exposure
  • Experience analyzing audit findings
  • Experience advising on embedded controls
  • Experience with enterprise risk frameworks
  • Experience with SOC and external assessments

Nice To Haves

  • Experience in the financial services industry
  • Familiarity with regulatory environments

Responsibilities

  • Provide forward-looking risk insight by identifying emerging technology, operational, and vendor risks and advising leadership on potential impacts and mitigation strategies.
  • Translate complex risk, audit, and operational data into decisive, outcome-oriented recommendations that shape prioritization, funding, and execution trade-offs.
  • Advise leadership on risk acceptance, mitigation strategies, and residual exposure during transformation initiatives, major programs, and operational changes.
  • Challenge existing control environments by identifying systemic weaknesses, root causes, and opportunities for standardization across ISDS.
  • Drive alignment between ISDS risk practices and enterprise risk frameworks, ensuring technology risks are consistently positioned within enterprise risk discussions.
  • Analyze audit findings and translate them into clear, actionable control remediation plans.
  • Proactively advise product managers and business lines on controls that should be embedded into systems and processes to mitigate risk.
  • Ensure controls are not only documented but effectively implemented within platforms and workflows.
  • Own the evolution of the ISDS Risk Register into a decision-support tool, incorporating trend analysis, systemic risk identification, and prioritization aligned to business impact.
  • Convert audit findings and assessments into enterprise-relevant themes, addressing root causes rather than isolated issues.
  • Act as the authoritative interface between ISDS and Audit & Risk, influencing how technology risks are represented, interpreted, and escalated.
  • Shape enterprise risk reporting by ensuring technology risks are clearly articulated, appropriately prioritized, and connected to broader organizational risk themes.
  • Prepare consolidated ISDS risk inputs for quarterly and annual organizational risk reporting cycles.
  • Work closely with audit, risk, and technology teams to interpret audit recommendations and define appropriate technical and operational responses.
  • Provide specific, practical guidance to engineering and product teams on how to implement control improvements, not just coordinate activities.
  • Track and report on remediation progress, ensuring clear communication with internal and external auditors.
  • Develop a strong understanding of OSC’s systems and platforms and how controls operate within them.
  • Assess system designs and configurations to ensure alignment with control requirements and risk management standards.
  • Act as a trusted advisor to technical teams, ensuring control requirements are understood and properly embedded in system design and delivery.
  • Maintain authoritative oversight of all audit and assessment findings impacting ISDS, ensuring completeness, accuracy, and strategic relevance.
  • Drive management responses that address root causes and lead to sustainable control improvements, not just issue closure.
  • Ensure executive reporting reflects a clear, accurate, and insight-driven view of audit exposure and progress.
  • Establish and manage a forward-looking ISDS audit and risk roadmap, aligning governance activities with enterprise priorities and decision cycles.
  • Lead ISDS engagement in SOC and external assessments, ensuring outcomes strengthen control posture and align with strategic governance objectives.
  • Lead the development of executive-ready ISDS reporting that highlights key risk exposures, trends, trade-offs, mitigations, and required decisions.
  • Shape leadership forums into decision-oriented discussions focused on prioritization, accountability, business impact, and remediation.
  • Ensure governance outputs directly influence planning, investment decisions, and performance management across ISDS.
  • Facilitate governance forums with a strong emphasis on driving outcomes, resolving ambiguity, and enforcing accountability.
  • Define and operationalize metrics that provide meaningful insight into risk exposure, control effectiveness, and organizational performance.
  • Leverage metrics to identify trends, predict emerging issues, and proactively inform leadership actions.
  • Continuously refine reporting to focus on what matters most, eliminating low-value metrics and emphasizing decision-relevant insights.
  • Drive a proactive compliance posture by identifying gaps early and embedding sustainable governance practices.
  • Ensure ISDS is continuously audit-ready through disciplined, efficient, and strategically aligned governance processes.
  • Promote a collect-once, reuse-many governance model to improve efficiency and consistency across audits and assessments.

Benefits

  • Diverse, fair, and flexible work environment
  • Challenging and rewarding work