IT Risk & Controls Partner (Information Security)

Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

We are looking for a positive and forward-thinking IT Risk and Controls Partner specializing in Cyber and Information Security. The ideal candidate will have outstanding collaboration and interpersonal skills, good communication and expertise knowledge and experience.

This role will report directly into the Head of Technology Strategic Initiatives, Risk and Operations and will be a key role within IT’s first line risk and control team and critical to ensuring a strong risk culture across the department.

• You will deliver efficient, effective and timely first line oversight of risk management related to Cyber and information security risks of which Aviva Canada is exposed. This includes activities required by Aviva Canada’s operational risk and control methodology, for example:
• Performing Risk and Control assessments
• Managing risk events and issues, facilitating root cause analysis of incidents and quantifying impact of loss events
• Monitoring the IT risk profile, KRIs and associated metrics of Aviva Canada’s cyber and information security risks to proactively identify changes in the risk profile and emerging risks
• Support in depth analysis on inherent and residual risk faced by Aviva Canada in relation to Cyber and Data loss risks
• Monitor and report the status of management’s IT risk response plans
• Ensuring our GRC tool ‘iCare’ is reliable and up to date
• Reporting on identified IT and cyber-security vulnerabilities with language that senior leaders can understand and use
• Develop and manage relationships with technology / CISO partners; this includes Aviva Canada and Aviva Group second and third lines of defense, Aviva Canada’s other first line risk and control teams.
• Periodically analyze relevant risk data (internal and external) to identify common themes, patterns and/or trends at an aggregate level.
• Act as an SME on cyber and information security to support Aviva Canada’s technology and business transformation projects where required.
• Support the identification and reporting submissions for Aviva Canada of regulatory surveys and remain up to date on new developments and emerging risks.

• 5+ years of experience within IT Operations, IT System Development Life Cycle, IT and/or Cyber Risk Management, Governance and/or Audit.
• Effective communication, listening, presentation, and facilitation skills.
• Effective interpersonal, leadership, and relationship-building skills in engaging with various levels of management.
• Ability to analyze complex data sets, identify trends and communicate actionable conclusions
• Strong strategic and critical thinking skills.
• Experience using GRC risk management tools.
• Professional certifications and member of associations such as CRISC, CISA, CISSP, CISM etc. are an asset.

• Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.
• Outstanding Career Development opportunities.
• We’ll support your professional development education.
• Competitive vacation package with the option to purchase 5 extra days off per year.
• Employee driven programs focused on gender, LGBTQ+, origins, diversity, and inclusion.
• Corporate wellness programs to support our employees’ physical and mental health.
• Hybrid flexible work model.