Manager, Technology Risk & Governance
Full Time Permanent
Toronto, ON
What You’ll Do
The Manager, Technology Risk & Governance will be responsible for identifying, assessing, and mitigating risks associated with the organization's information technology systems and processes by assisting with the development, implementation, and management of technology governance frameworks and processes. This role requires a strategic thinker who can collaborate with various departments to ensure compliance and manage risks while promoting a culture of continuous improvement and innovation. This role has primary accountability for defining ITGCs and for how controls are embedded into our processes, as well as for ensuring Technology teams follow best practice for audits and attestations.
The successful candidate will interact with internal and external teams and needs strong organizational and communication skills to ensure continued compliance and to provide executive-level briefings on matters related to Technology risk and governance.
Responsibilities
- Collaborate with stakeholders to conduct regular risk reviews to identify, evaluate and mitigate Technology risks to ensure continual alignment and compliance with organizational frameworks, legislative / regulatory requirements (e.g., PIPEDA, PCI-DSS) and industry standards (e.g. ISO 27001, NIST).
- Maintain the risk register to ensure Technology risks are up to date and that risk mitigation plans are current and on track.
- Assist in the development, implementation and maintenance of the organization’s Technology governance framework, checklists, policies and procedures as required to support team and corporate objectives.
- Act as a liaison to external auditors for IT General Controls (ITGCs) and ensure all Technology practices align with those controls.
- Work with our Internal Audit and Enterprise Risk teams to keep our Technology governance practices in alignment with corporate policy and standards.
- Assist in the preparation of risk materials and reports to senior management and stakeholders for monitoring purposes.
- Participate in third-party risk assessments and vendor due diligence.
- Support incident response and disaster recovery planning and testing.
- Continuously improve Technology governance practices by researching industry innovations, monitoring for emerging threats and providing employee training.
What you bring
- Bachelor’s degree in Information Technology, Computer Science, Business Administration, or a related field
- Proven experience (5+ years) in Technology Governance, Information Risk management, or compliance roles.
- Strong understanding of Technology governance principles and best practices.
- Knowledge of risk, security and AI frameworks (e.g. ISO 27001, COBIT, NIST)
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- High level of independence; can be relied upon to follow work through to completion
- Proven ability to manage multiple tasks simultaneously, take initiative, exercise sound judgement, and anticipate needs