IT Security Specialist – Risk & Compliance

• Degree/Certifications Required: CRISC certification or equivalent experience – Must have
• CISA certification or equivalent experience – Preferred
• CISSP certification or equivalent experience a plus – Nice to have
• Years of experience: 10 years plus exp.
• Reason for request/why opened: Backfilling
• Interaction with Stakeholders: high amount! Will be up to executive level interaction.
• Project Scope: BAU role.
• Team Size: 14 plus

• Audit experience
• Proficiencies in security information frameworks
• Exp w/governance, risk and compliance.
• Extremely strong communicator – verbally and written
• Job titles that are relevant – BISSO, TCO,
• Need to be able to do QA assessments – remediation of risk, controls effectiveness testing (critical for the role). Exp, PCI compliance, HIPPA, SOX testing
• Ability to handle stressful situations
• Ability to pivot and be flexible – every day is different in this role
• A Key team player and contributor. Someone who can take ownership. Someone who doesn’t need constant direction, self-manage and takes initiatives. Ability to take the lead on assignments.
• Understanding of finding closure and/ or remediation packages- have produced or reviewed them.
• QA on RFI’s (Audit and regulatory specific)- process regulator (having an understanding and experience reviewing them prior to submission).
• Understanding of Reporting, understanding data and how that translates to the business. Proficiency in excel is important.
• Someone that has experience pulling together governance related data and visualization/risk insights. Interpret and translate the data.

• Building a World-Class, Diverse and Inclusive Technology Team at client
• We can’t afford to be boring. Neither can you. The scale and scope of what client does may surprise you.
• The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology.
• Client’s technology and business teams become more intertwined as new opportunities present themselves.
• This new era in banking does not equal boring. Not at client, anyway.
• Client’s Regulatory, Audit & Compliance Assurance is home to a team of highly valued professionals, who support all P&T related Regulatory and support interactions, which includes business, 2nd, or 3rd LOD led exams.
• They provide oversight and governance, independently challenging High / Med severity issues tied to Regulatory, Audit and ORM.
• Includes issue escalations tied to potential overdue and validation failures, issue support for insight, governance reporting and exams. Also, provides demand management support assurance functions.
• There’s room to grow in all of it.

• We are looking for someone who is well-versed at providing governance, risk, compliance and issue remediation oversight and control best practices that meet bank’s overarching Platforms & Technology Governance strategy and objectives.
• The individual will be responsible for partnering with Technology segments to support independent challenge and oversight of issue remediation plans impacting our information security control environment.
• Here’s some of what you may be asked to perform: Lead assessments of audit and regulatory finding remediations required to mitigate risk within technology infrastructure and applications, working with stakeholders across the three lines of defense to ensure effective risk mitigation and remediation
• Provide advice and guidance to Technology segments and Technology Risk Services on various areas requiring subject matter expertise and interpretation: Audit & Assurance Standards; IT Risk Governance Control Frameworks, and GRC (Governance, Risk, and Compliance) frameworks.
• Contribute to the development of mature Governance Oversight & Control practices, through improvement of Risk Identification, Control Design and Operating Effectiveness.
• Identify emerging themes, understand trends, and provide specialized business management advice to senior management and respective teams while raising industry, external and internal, enterprise and business awareness.
• Lead continuous improvement projects, leveraging agile / lean continuous improvement practices/methods that demonstrate sustainable and leading edge solutions (e.g. Artificial Intelligence (AI), Machine Learning (ML), Power BI/Apps, Python, etc.)

• Expert knowledge of IT Audit and Control methodology, IT Governance Controls and Standards, and associated tools to ascertain the quality and effectiveness of technology remediation plans.
• Experience with project and change management methods to deliver on assurance, governance and oversight initiatives that align to strategic objectives.
• Competencies in technology controls, emerging threats, and technology risk disciplines and practices.
• Strengthen the independent assurance, governance and oversight operations, utilizing lean continuous improvement practices and tools.
• Apply core Agile frameworks such as, Scrum, Kanban, and Extreme Programming to execute operational workplan projects.
• Knowledgeable in Artificial Intelligence to lead the design, development and deployment of AI-driven solutions that enhance business operations, decision-making, and innovation.
• Collaborate with data scientists, engineers, information security specialists, and business stakeholders to align AI initiatives with strategic objectives.
• Ability to translate business needs into technical AI solutions.
• Ability to train colleagues and team members related to risk and compliance of issue remediations.
• Excellent verbal and written business communication skills; meticulous documentation.
• Ability to manage multiple efforts simultaneously, priority demands and strong organizational skill.
• Ability to effectively interact with individuals across the organization and at various levels (technical, business, Senior & Executive Management).
• Stay current with the latest research and trends in AI/ML and recommend relevant tools, frameworks and methodologies.

• 10+ years as an IT Risk Specialist with relevant experience in governance, risk and compliance management within regulated industries.
• Information Security or technology risk and controls background in a financial industry a plus.
• IT governance experience in information security and controls risk frameworks (i.e., ITIL, NIST, COBIT).
• Knowledge and experience with various lifecycle methodologies / frameworks, i.e., Agile, Project Management, IT Processes, Risk Management frameworks and process/operations.
• Knowledge and experience with various technology tools including, but not limited to, RSA Archer, JIRA, Confluence, Sharepoint, MS Office, Excel.
• CRISC certification or equivalent experience
• University degree or relevant field/equivalent experience.

• Exp or knowledge with AI- Co-Pilot, Power BI and Automate
• CISA certification or equivalent experience – Preferred
• CISSP certification or equivalent experience a plus

13370

Contract

6 months

Toronto