Team Lead, Technology Risk and Control

About The Position

Requirements

• Post-secondary education in IT, Business Processes, Information Technology, or similar fields.
• Holds one or combination of professional designation in IT audit or IT risk management such as CRISC, CISA, CIA, CISSP.
• 5+ years of experience in IT Audit, IT Governance, IT General Controls, Application Controls and IT Risk Management.
• Demonstrated experience in leading and managing ITOS audit activities, IT risks and security risks management, change management, project management, IT governance, and compliance, specifically in developing IT. policies, procedures, and audit work programs.
• Knowledge of IT Governance, IT Audit, Cyber Security Operations, audit requirements, IT and security Standards, IT General Controls and Control Assessments.
• Exposure to financial industry business processes, enterprise and operational risk principles and practices.
• Proven technical knowledge of IT platforms, ITGC and application control testing, networks, operating systems, databases, security, privacy and business applications.
• Deadline-driven and results-oriented, able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously.
• Demonstrated proficiency with document and records management software, preferably Content Server and Office 365 (e.g. OneDrive, PowerBI, SharePoint, Flow, Visio, PowerApps, Project).
• Proven understanding of the IT infrastructure and functions with exceptional data analytical, interpersonal and communication skills.
• Detail oriented and possess a practical problem-solving approach to everyday matters.
• Effective organizational skills and ability to establish priorities and meet deadlines.
• Experience in policy and procedure development, process and workflow documentation, IT audits, change management, access management, or other IT operational activities with a focus on compliance and internal controls.
• Experience in auditing large enterprise IT implementations with knowledge of project methodologies, project controls and ability to effectively work with cross functional project teams.
• Exceptional written and oral communication skills.
• Exemplify OPTrust’s values: collaboration and teamwork, integrity, respect, flexibility, excellence, and continuous improvement.

Nice To Haves

• Knowledge of NIST CSF, IT Risk Management Framework, COBIT, COSO framework, SOC 2, ISO 27001 and ITIL Foundations would be an asset.
• Knowledge of pension, finance and investment processes is an asset.

Responsibilities

• Lead and mentor a small team, provide guidance and support, delegate tasks effectively, and conduct regular team meetings to discuss ongoing projects, share insights, and address any challenges or concerns.
• Propose and implement improvements to internal controls, collaborating with teams to align with IT and security processes, and contribute to the documentation of related processes and baseline standards.
• Leads the implementation, maintenance, and communication of the ITGC related policies, procedures, and programs, and performing ongoing reviews to be consistent with actual practices.
• Responsible for tracking all vendor agreements and documentation and the measurement of vendor performance against SLAs to ensure contractual terms are met and continuous improvement.
• Advises and educates others on internal controls and security procedures.
• Leads operational activities, communicates procedures and engages vendors where applicable.
• Prepares and delivers ITOS divisional performance reporting.
• Responsible for researching leading-edge technologies, technology standards and best practices to identify process improvement opportunities for the IT teams.
• The point of contact between the external auditor and ITOS team, lead, plan, execute, and manage IT and security-related audit activities, collaborate with internal and external stakeholders including but not limited to collecting evidence, explaining business processes, performing audit test and proposing remediation action plans.
• Leads, and conducts regular internal audits of information systems, applications, and IT processes, prepares working papers to document the work performed to ensure that appropriate controls exist, and that information produced by the system is accurate.
• Prepares reports and recommendations for management on the results of information systems audits.
• Develop, implement, and maintain a comprehensive ITOS risk management process to identify, assess, and prioritize ITOS risks.
• Collaborate with cross-functional teams to ensure that IT risk assessments and mitigation align with business objectives and regulatory requirements.
• Responsible for managing the technical risk database.
• Leads the review, development, evaluation, maintenance and implementation of IT General Controls, and business controls in collaboration with the incumbent’s manager to ensure the proper cadence and review are being adhered to as well as to ensure the controls are within corporate objectives and meet the government-mandated standards.
• Implements the change management process, including organizing the Change Advisory Board (CAB) meetings, reviewing and analyzing Request for Change (RFC), communications, stakeholder engagement, business processes and training plans, identify risks, and devise contingency plans, as required.
• Works with internal ITOS managers to ensure agreed upon process controls are in place and functional as designed.

Benefits

• Benefits package after six months of consecutive employment.
• Optional membership in our world-class defined benefit pension plan.