Senior Manager, IT & Operational Risk Management, Regulatory Liaison

This role participates in and leads some of the execution of the Wealth Management Technology & Solutions (WMTS) Operational Risk Annual Plan and the management of operational risk (ORM) and IT Risk within WMTS. The role is also responsible for planning and managing Operational Risk Management programs and processes across WMTS.

The individual contributor will have expert knowledge of US and Canadian IT regulations, audit methodologies, and general computing controls (e.g., logical access, patch and configuration management, change & incident management). They will act as the single point of contact for internal/external audits and regulatory requests related to WMTS and US Wealth Management IT Risk. Services include audit responses, risk & compliance reporting, risk advisory & awareness, and IT & operational risk analysis.

• Lead preparation of regulatory presentations and associated monitoring activities, and contribute to their execution.
• Coordinate across technology (WMTS and broader T&O) and business teams to ensure risk profiles are managed effectively, including addressing breached KRIs with viable remediation plans.
• Manage WMTS engagement during audits and regulatory exams, ensuring timely evidence submission and early identification of potential issues.
• Review applications to determine their applicability for SOC1, SOX, and Crown Jewel controls.
• Build and maintain relationships with enterprise stakeholders such as Internal Audit and Group Risk Management.
• Support the execution of Risk and Control Self Assessments for WMTS.

Must-have

• Expertise in the global regulatory landscape impacting financial institutions (e.g., OSFI, FRB, FINRA, OCC, FCA, MAS), including control requirements (e.g., NYDFS, SOX, GLBA, GDPR).
• Exceptional verbal and written communication skills, with strong relationship management abilities.
• Deep knowledge of general computing controls such as logical access, patch & configuration management, change & incident management.
• Strong understanding of IT and operational risk management processes, methods, and tools.
• Technical knowledge of operating systems (e.g., Unix, Windows, zOS) and database systems (e.g., Oracle, SQL Server, Sybase, DB2).
• Certifications such as CISA or CRISC.

Nice-to-have

• CISSP certification.
• Knowledge or certifications in GRC tools (e.g., ServiceNow, Archer) such as CCSP or CCSK.

Join a team that values growth, collaboration, and making a meaningful impact. We offer a comprehensive Total Rewards Program including bonuses, flexible benefits, competitive compensation, and stock options where applicable. Our leaders support your development, and you'll have opportunities to work on challenging projects, take on greater responsibilities, and build strong relationships with business partners. We promote work-life balance and a dynamic, high-performing environment.

LI-Hybrid

LI-POST

TECHPJ

Application Security, Critical Thinking, Cyber Security Management, Decision Making, Detail-Oriented, Information Security, Information Security Management, IT Risk, IT Security Architecture, Internal Auditing, Relationship Management, Risk Management