Senior Manager, IT Risk & Governance Oversight (CTC)

Questrade

What’s in it for you as an employee of QFG?

  • Health & wellbeing resources and programs
  • Paid vacation, personal, and sick days for work-life balance
  • Competitive compensation and benefits packages
  • Work-life balance in a hybrid environment with at least 3 days in office
  • Career growth and development opportunities
  • Opportunities to contribute to community causes
  • Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Senior Manager, IT Risk & Governance Oversight. Could it be you?

Reporting to the Director, Operational Risk & Resilience, the Senior Manager, IT Risk & Governance Oversight will be primarily responsible for providing oversight of the Technology risk management and governance framework. Technology services at Community Trust Company (“CTC”) are outsourced to the parent company Questrade Financial Group (“QFG”) and other service providers. Technology operations are the responsibility of such providers; however, risk oversight remains within CTC.

Among a myriad of other responsibilities, the mandate of this role is to provide oversight and effective challenge to the work being performed by the 1st line and other outsourced technology functions. This includes the monitoring and reporting mechanisms that highlight areas of risk exposure and opportunities for effective control of business risk arising from the use of technology. While the successful candidate will operate as part of the Risk Management team, they will be the subject matter expert on all Technology-related matters within the department and have to collaborate with Enterprise IT & Cyber Governance, Risk & Control on a regular basis. This individual plays a critical role in overseeing the confidentiality, integrity, and availability of CTC’s information assets and the alignment of Technology operations with business objectives and regulatory requirements.

This role is responsible for the independent design, execution, and oversight of technology risk assessments, control testing, and validation of IT and cybersecurity controls. The role requires a strong technical background to critically evaluate and challenge the design and effectiveness of 1st line of defense IT risk management practices, and to analyze overall Information Technology performance, risk metrics, and control effectiveness against established standards, policies, and regulatory requirements. Excellent communication skills are essential to prepare and deliver regular risk reporting to management, including clear articulation of identified control deficiencies, risk exposures, and recommendations for enhancing the 1st line's technology risk management framework and practices, including providing recommendations to outsourced technology service providers.

Need more details? Keep reading...

In this role, responsibilities include but are not limited to:

  • Providing effective challenge and oversight to the first line of defense regarding the identification, assessment, monitoring, and mitigation of IT & Cyber risks, ensuring alignment with established risk appetite and tolerances.
  • Maintaining subject matter expertise and awareness of evolving regulatory requirements, industry best practices (e.g., ISO 27001, NIST CSF, COBIT), and emerging threats related to information technology and cybersecurity.
  • Independently reviewing and validating the design and operating effectiveness of IT and cybersecurity controls implemented by the first line of defense.
  • Overseeing and challenging the risk management of outsourced Technology functions across various domains (e.g., infrastructure, applications, cybersecurity, data management), including the review of third-party risk assessments.
  • Monitoring and analyzing key IT risk indicators (KRIs) and metrics to identify emerging trends and potential control weaknesses.
  • Assessing and reporting on the residual risk exposure associated with IT processes and systems, providing clear and concise communication to stakeholders.
  • Collaborating with internal audit, compliance, and other risk functions to ensure a coordinated and integrated approach to risk management.
  • Evaluating and challenging the risk assessments conducted by the first line of defense for new initiatives, systems, and changes to existing operations.
  • Contributing to the development and maintenance of the Technology risk management framework, including policies, standards, and procedures.
  • Reviewing and challenging cybersecurity-related test results (e.g., vulnerability scans, penetration tests) to ensure appropriate remediation of identified vulnerabilities.
  • Contributing to the development, testing, and maintenance of IT business continuity and disaster recovery plans from a risk perspective, ensuring alignment with business resilience objectives.
  • Providing risk-based guidance and support to the incident response team, ensuring that security incidents are thoroughly investigated and that root causes and lessons learned are incorporated into risk management processes.
  • Developing and delivering IT risk and security awareness training programs to enhance the first line's understanding of risk management responsibilities.
  • Preparing and presenting risk reports, including KPIs and KRIs, to senior management, risk committees, the Board, and regulators, clearly articulating risk exposures and trends.
  • Liaising with business units to understand new and developing business strategies and assess their potential impact on the IT risk profile.
  • Ensuring IT compliance with relevant laws, regulations, and contractual obligations, including OSFI guidelines (e.g., E-21, B-13, B-10) and other applicable financial industry regulations.

So are YOU our next Senior Manager, IT Risk & Governance Oversight? You are if you…

  • Have 7-10 years of experience in a Technology Risk Management, Technology Governance or IT Audit / Quality Assurance role within the financial services industry
  • Hold a University degree in Computer Science, Management Information Systems, other related field or equivalent directly related work experience
  • Hold one or a combination of CISA, CRISC, CGEIT, CISM or are working towards them
  • Understand a broad set of industry best practices (COBIT, ITIL, NIST CSF)
  • Have leadership experience in Service Quality Assurance
  • Have in-depth experience building, maintaining and reviewing risk and control frameworks and their inputs
  • Have experience building, reviewing, or challenging key performance indicators (“KPI”) and key risk indicators (“KRI”)
  • Can communicate effectively to both technical and non-technical audiences
  • Are proficient at writing or updating Technology and Security procedures
  • Are capable of building right-sized IT Governance solutions
  • Have excellent written and verbal communication skills
  • Work well autonomously
  • Have strong benchmarking, reporting and presentation skills
  • Are results driven and action oriented
  • Have strong organizational skills proven in managing multiple projects and ad-hoc tasks simultaneously
  • Have strong business acumen and knowledge of principles, techniques, current trends, best practices, regulations, policies, and programs related to risk management
  • Have people management experience
  • Have a desire for high performance and ability to make an impact
  • Have in-depth experience in deciphering regulatory requirements and developing customized compliance solutions
  • Have a solutions-oriented mindset, critical thinking and sound decision making
  • Have strong collaboration, influencing, conflict resolution and stakeholder relationship building and people and process management skills
  • Have proven ability to manage multiple deliverables with firm deadlines
  • Have excellent written communication skills with ability to articulate key messages concisely and effectively
  • Have experience in Business Continuity and Disaster Recovery Planning
  • Have experience creating reports for senior management
  • Are proficient with Microsoft Office, Google Suite, Power BI, etc.

Sounds like you? Click below to apply!

Confirmed 3 hours ago. Posted 30+ days ago.
