Manager -Technology Risk and Controls (1A) to execute annual technology risk management initiat[...]

S I Systems

Toronto

Hybrid

CAD 90,000 - 130,000

Full time

5 days ago

Job summary

A leading company is seeking a Manager - Technology Risk and Controls to manage technology risk initiatives for their insurance client. You will oversee compliance activities, establish risk management frameworks, and lead a team in enhancing organizational technology risk posture. The ideal candidate should have over 8 years of experience in risk management and relevant qualifications.

Qualifications

  • 8+ years of experience in technology risk or information security.
  • 5+ years in leadership roles within technology or risk management teams.
  • Knowledge of regulatory compliance frameworks like SOC 2 and ISO standards.

Responsibilities

  • Establish and maintain technology risk and controls framework.
  • Prepare portfolio reports to highlight risk posture.
  • Support regulatory and internal audit compliance activities.

Skills

Information Security
Technology Audit
Risk Management

Education

Bachelor or Associate Degree in Risk Management, Information Security, Computer Science or Business Technology

Job description

Manager - Technology Risk and Controls (1A) to execute annual technology risk management initiatives, audits and processes for our insurance client

Location: Hybrid (3 days/week in Toronto)

Duration: 6 Months (initial)

We are looking for a Manager, Technology Risk and Controls, to join our Global Corporate Technology team as leader of the 1A function team. Reporting to the Assistant Vice President, Shared Services, the Manager will support a designated portfolio(s) by partnering with key stakeholders in executing annual technology risk management initiatives and processes. This role will also support the respective incoming audits, technology controls program, etc., ensuring that risks and ineffective controls are appropriately identified and that remediation plans or strategies are developed.

What you will do:

  • Provide a holistic view of technology risks across the organization by establishing and maintaining technology risk management governance, a technology risk & controls framework, and technology & risk management processes.
  • Build and adopt frameworks to support monitoring and tracking of KPIs/KRIs, technology risk related issues, audit findings, and exceptions related to policies and standards.
  • Partner with technology teams to build remediation plans so that ineffective controls are migrated to an acceptable level within agreed timelines.
  • Prepare portfolio level reports to highlight portfolio risk posture, while ensuring that 1B, 2nd and 3rd line partners receive updates accordingly.
  • Provide guidance to Technology teams in the design, implementation, and continuous monitoring of controls that reduce a broad spectrum of technology operational risks.
  • Assist in ongoing review and monitoring of compliance with policies and standards and enforce compliance with policies and standards across all levels of the organization, managing exceptions in accordance with the established Risk Management framework.
  • Support the risk reviews of key project initiatives leveraging internal established assessment tools.
  • Provide subject matter expertise in key technology risk management areas such as information security, operations, IT resiliency, and technology delivery.
  • Foster, advocate for and strengthen companies' overall technology risk posture.
  • Support both regulatory and internal audit compliance activities related to, but not limited to, SOC 2, ISO 27001 and 27017, and ICOFR.

Must Haves:

  • 8+ years of progressive experience within the field of technology risk, information security and/or technology audit.
  • 5+ years of people leadership of technology or risk management teams.
  • Demonstrated experience in challenging the status quo and identifying areas of operational improvement (example: people, process, technology).
  • Ability to identify, analyze and translate information security risk in the context of what it means to achieving business objectives.
  • Bachelor or Associate Degree in Risk Management, Information Security, Computer Science or Business Technology.
  • One or more of the following certifications in good standing is considered an asset: CRISC, CISA, CISM and/or CISSP.
  • Deep understanding of technology and security risk, regulatory compliance (OSFI), and industry best practice frameworks (COBIT, NIST, ISO standards).
  • Good understanding of the 3 Lines of Defense model, with the ability to manage and engage stakeholders across each of the lines.
  • Ability to manage multiple competing projects and priorities under time pressure without compromising quality.