Technology Risk & Governance Consultant

The main responsibility includes but not limited to:

• Review and revise as needed the IT and cyber security risk assessment processes, results, and artifacts to reduce overlaps and gaps and to produce results that are reusable, complete, accurate, current, can be aggregated, and are consistently actioned.
• Document a consolidated view of, and consistent aspects of the approach (e.g., taxonomy) to the IT and cyber risk assessment program is required to enable consistency, completeness, and accurate information in support of governance, oversight, and reporting.
  • Create a risk assessment universe, for IT and cyber specific assessments and to clarify the role of each assessment and certain aspects of organizational assessments (e.g., using an IT process taxonomy and a risk taxonomy).
  • Develop a clear standard to align and aggregate results, and to assess and treat IT and cyber security gaps from risk assessments.
  • Deploy the risk assessment universe, and capabilities to support the expectations of the standard, in an appropriately robust tool including workflows and consistent documentation.

• Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 10+ years.
• Requires strong working knowledge in IT Risk management experience in 5+ areas including but not limited to; systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
• Knowledge of banking businesses including related systems, procedures, regulations expected. Additional merit awarded for experience in relevant portfolio business line.
• Strong PPT presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable.
• Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).

• Big 4 consulting experience will be an asset.
• Additional relevant Certifications would be an asset - ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.
• Experience with technology and cyber security risk assessments, including Threat Risk Assessments, self-risk control assessments, vulnerability assessments, etc.

• Possessing a diverse set of skills and knowledge across various fields, enabling adaptability and a broad perspective in problem-solving.
• The ability to reason systematically and evaluate information objectively to make sound decisions and solve complex problems.
• Examining and interpreting data to extract meaningful insights, identify trends, and support decision-making processes.
• Effectively engaging and communicating with all parties involved in a project to ensure their needs and expectations are met.
• The ability to convey information clearly and effectively, both verbally and in writing, to various audiences.
• of managing tasks and responsibilities autonomously, requiring little oversight to achieve goals.
• Driven by personal initiative and a strong internal desire to achieve and excel without needing external encouragement.
• The ability to plan, prioritize, and manage time and resources efficiently to achieve objectives.

Bachelor’s degree in computer science, Engineering, Business Commerce, or equivalent experience.