Senior Manager IT GRC

Financial Services
Toronto, ON
Permanent
Jul 25, 2024

Our client

One of the world's best pension investment funds undergoing major technology transformation and modernization

 

What's in it for you

Help to grow and and build an increasingly important key function within the enterprise. Lots of new and challenging projects.

 

Responsibilities 

• Lead the implementation and maintenance of the IT Risk program across the organization
• Develop, review and revise technology-related policies, standards and guidelines in accordance with best practices and develop and implement the  socialization strategy of these governance documents
• Lead IT delivery teams operationally and provide guidance and mentorship on technology, Risk and information protection practices and risks.
• Oversee the identification and documentation of the key processes and controls, including application controls, ITGCs, etc. and obtain deep understanding of the key risks and mitigating controls.
Work with the various stakeholders across the organization to conduct walkthroughs and prepare and maintain detailed internal controls documentation (e.g., process narratives, risk and control narratives, process maps).
• Develop and maintain relationships with key stakeholders across the Investment Management, Finance, Plan Operations, Risk, HR, and IT Divisions and maintain an in-depth understanding of key business and IT processes, including all key systems / applications, and serve as an expert on IT controls.
• Ensure IT risk initiatives are effectively implemented by collaborating with and gaining buy-in with stakeholders and leaders within IT and business teams.
• Lead the team in measuring and effectively reporting on IT’s Risk profile to various stakeholders such as IT leadership to support decision making.
• Assist IT in managing and evaluating upcoming projects through the IT intake to assess risk for existing and/or new processes and provide control assessment to design applicable controls as appropriate.
• Lead the development of KRIs (Key Risk Indicators) and other operational risk metrics for the IT division.
• Organize and effectively facilitate workshops and education sessions with IT delivery teams, leading IT Risk and compliance initiatives by conducting training and awareness programs to keep partner teams educated and enabled with knowledge to effectively design, monitor and adhere to the controls.
• Bring visibility and transparency of IT risk program work and results and communicate business value of the program to the rest of the organization.
• Identify current and emerging risks and develop risk management strategies to mitigate these risks.
• Foster an enhanced compliance and risk culture by acting as an ambassador or champion for IT Groups in all GRC related activities.
• Provide oversight on the management of remediation plans that result due to design and / or operating effectiveness deficiencies.


Required Experience

• Bachelor’s degree in Business, Accounting, Computer Science, Information System, Engineering.
• 10+ years of experience in IT Governance, IT Risk & Compliance, IT Audit, external/internal audit, SOX 404/ NI 52-109 compliance and internal controls over financial reporting (ICFR), including IT risk and controls, in the financial services industry or public accounting 
• Expert knowledge of Technology, and risk management frameworks, (such as ISO 27001, NIST, COSO and COBIT), performing compliance and risk assessments, designing controls, and overseeing mitigation projects.
• A minimum of 3 years of management experience including leading a team.
• Experience in developing and/or reviewing IT governance documents such as policies, standards and procedures.
• Preference will be given to candidates who have one or more of the following professional designations, Certified Information Systems Auditor Designation (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA).
• Knowledge of Capital and Private Markets, Investments, and related risk management/ compliance/ operations functions would be an asset.
• Experience with control and risk frameworks, performing compliance and risk assessments, designing controls, and overseeing mitigation projects.
• Experience in developing and reporting performance and risk metrics, such as KPIs, KRIs, SLA’s, OKR reporting and dashboards for executive leadership teams.
• Familiarity with data analytics, visualization, and reporting software (Ex. PowerBI) is considered a plus.
• Excellent verbal and written communication skills, especially communicating across all levels and cross functional teams both technical and non-technical.
• Experience in the Financial Services or pension industries is an asset.
• Knowledge of public cloud infrastructure (Azure and Amazon Web Services) and Databases (SQL and ORACLE) is preferred.
• Experience working in an agile environment (software development, infrastructure, and shared services)
• Experience with Service Now GRC platform is preferred.
• Proven ability to educate and share knowledge effectively with diverse teams

Send to Friend

Send to Friend