Information Risk Management Analyst II

We are seeking a Information Risk Management Analyst to join our Group Functions Technology team. This role offers the opportunity to lead the implementation of operational resiliency within a newly developing area of business continuity. As a key contributor to this initiative, you will support transition planning for third-party vendors and ensure testing and resilience measures are executed effectively. This is a forward-thinking leadership role ideal for individuals seeking to grow within the field of operational risk and business continuity.

Key Responsibilities

• Business/Operational Resilience & Third-Party Vendor Program:
• Prepare and complete vendor exit and transition plans for critical third-party vendors.
• Serve as the primary contact for vendor reviews and contract assessments regarding exit and transition planning.
• Lead the testing of third-party exit and transition plans.
• Collaborate with vendors and internal partners to establish alternate work arrangements for critical business processes.
• Engage with Information Risk Management (IRM) and other risk SMEs when required.
• Support the Business Resilience Risk Management framework (including BIA, RTO/RPO assessments, critical path mapping, and testing).
• Provide advisory support to business units, IT teams, and project teams.
• Implement innovative solutions to manage risks related to new technologies and processes.
• Support for Changes and Projects:
• Work to standardize and digitize resilience processes in collaboration with IRM, Global Resilience, Level 2 Risk, and Operational Risk Management.
• Ensure business continuity (BC) and disaster recovery (DR) requirements are incorporated into project planning.
• Share best practices across the organization.

• Preparing third-party transition plans.
• Acting as liaison for vendor contracts and reviews.
• Supporting operational business risk mapping.
• Assisting in disaster recovery and business continuity efforts aligned with a new resiliency model.

• 3–5+ years’ experience in Disaster Recovery, Business Resilience, IT/Systems, Project Management, or Vendor Management within a large, complex organization.
• Strong proficiency in Microsoft Office and familiarity with BCM planning tools and/or relational databases (e.g., Fusion Risk Management, PowerBI).
• Broad understanding of system technologies and Business Resilience/Disaster Recovery techniques.
• Exceptional written and verbal communication skills, with confidence in presenting across all organizational levels.
• Demonstrated ability to build relationships, engage stakeholders, and influence others.
• Familiarity with OSFI Guidelines B10 & E21.

• Direct experience working with OSFI (B10 & E21) compliance requirements.
• Experience with resilience frameworks in regulated industries.

• Professional certification in Business Continuity Management such as ABCP, CBCP, MBCI, or MBCP is a strong asset (or currently in progress).