Int. Data Risk Manager with DCAM & RCSA expertise to lead creation of a data risk and control methodology and review/assessment process for our Insurance client.
Work Style: Hybrid – 3 days in office (Toronto or London, ON)
End Date: 8-month tenure (Extensions Likely)
Primarily responsible for evaluating and forecasting potential losses or risks to data that a company may encounter. Lead on creating a data risk and control methodology and review/assessment process. Take a proactive approach and measures to minimize exposure to financial, regulatory, legal, or reputational harm caused by loss, limitations (e.g., inaccurate and poor data quality, lack of metadata, data and system breaks) and related issues affecting an organization’s ability to acquire, store, transform, move, protect and use its data assets. Lead and work with various business teams to socialize data risk concepts and enable the methodology for implementation and adoption.
Expertise in monitoring and conducting gap assessments of internal controls - Collaborate with business owners to ensure proper monitoring and assessment of internal controls, utilizing key metrics such as KPIs, KRIs, and KCIs to evaluate effectiveness. Knowledge of applying assessment techniques such as Data Management Capability Assessment (DCAM), Risk and Control Self-Assessments (RCSA), etc.
- Risk and Governance activities
- Primary contact for all data risk and programs
- Lead in supporting business teams in adherence to the data risk program and methodology
- Knowledge of handling data breaches, including the escalation path, and applying resolution/mitigation techniques
- Risk analysis and improvement plans - Define and implement a structured approach for conducting gap assessments of operational risk policies and practices, creating actionable plans to address identified areas for improvement
- Creating audit or review methodology, including roadmap of planned assessments
- Educate business units on the data risk approach and methodology
- Monitoring and Reporting
- Deliver comprehensive risk reporting - Establish and provide regular reporting on data risks, controls, and mitigations, ensuring that senior management and relevant committees receive timely updates and actionable insights
- Ability to engage business units in adopting the program and identify non-compliance with mitigation/action plans
What you will bring
- Must hold or be eligible for Enhanced Security Clearance (Requirement = living in Canada for 5+ years, PR/Citizen)
- Expert knowledge of data management, data governance, data breaches, and data & AI risk principles
- SME and point of contact for all data risk management and related work efforts
- Expert in creating a data risk methodology and applying a data risk program to the company
- Experience in compliance, risk and audit programs and practices, including regulatory audits
- Ability to create any of the following: framework, policies, standards, procedures, templates, etc.
- Expertise and knowledge in creating risk appetite statements, risk limits and thresholds, impact assessments, or risk tolerance
- Expertise in risk monitoring and reporting, including escalations to senior management when needed
- Conduct audits or independent challenge reviews of internal and external (business units) compliance with data governance standards and procedures, including, if necessary, liaising with internal and external auditors or regulators
- Must be familiar with regulatory requirements coming from OSFI, Privacy, Canadian Federal regulations, Health Dental and Investment regulations, etc.
- Experience in Cyber Security, Privacy, NIST Compliance, PCI DSS, SOX Compliance, ISO 27001/2
- Experience or certification in the field of enterprise risk, data maturity models, data & Artificial Intelligence risk and information systems control, financial risk management, data modelling, AI/ML methodologies, etc.