AVP Information Risk Officer at Manulife
Toronto, ON M4W 1E5, Canada
Full Time


Start Date

Immediate

Expiry Date

10 Dec, 25

Salary

123400.0

Posted On

11 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Resiliency, Operations, Cloud Services, CISSP, Software Development, IT Governance, Presentation Skills, IT Infrastructure, Technology, Risk, Defense, Assessment Methodologies, Technology Leadership, Assessment, COBIT, Risk Assessment, Stakeholder Management, Addition

Industry

Financial Services

Description

We are seeking a strategic and technically proficient AVP, Information Risk Officer, to join our global risk leadership team. Reporting directly to the Global Chief Information Risk Officer, this role will provide independent risk oversight of technology and cyber security risk for our Group Function Technology teams.
The successful candidate will work closely with senior technology executives and their leadership teams to ensure that risk management practices are embedded into the operations and programs of the group function technology teams. The Information Risk Officer will work with teams including Group Functions IT, the Global Data Office and Enterprise Technology Services. The role partners with the CIO of Corporate Technology, the Chief Technology Officer and the Chief Data Officer. The role will also serve as the Operational Risk Officer for the group technology functions, reporting into the Operations Risk and Resilience Oversight team.

KEY QUALIFICATIONS:

  • Minimum 15 years in technology risk management, information/cybersecurity or IT governance. First Line and financial services experience is preferable.
  • Deep understanding of OSFI’s B-13 and E-21 guidelines and their practical application in a complex enterprise environment through the Three Lines of Defense.
  • Proven ability to engage and influence senior technology leaders and cross-functional collaborators.
  • Strong knowledge of IT infrastructure and operations, cloud services, software development, and cybersecurity practices.
  • Experience with risk and governance frameworks, such as the NIST Cybersecurity Framework, ISO 27001/27002, and COBIT. Experience with ITIL or equivalent practices is helpful.
  • Ability to work cross-functionally, aligning risk management with broader business and technology strategies.
  • Experience with risk assessment methodologies, control testing, and incident management.
  • Excellent analytical, communication, and presentation skills.
  • Relevant degrees and professional certifications such as CRISC, CISM, CISSP, or equivalent are considered assets.

Responsibilities

The AVP, Information Risk Officer will lead the day-to-day operations of the Group Functions Information Risk Officer team, providing oversight, challenge and risk assessment. As an experienced and pragmatic technology risk practitioner, the successful candidate will deliver:

  • Independent Oversight: Partner with senior technology leadership and other stakeholders to objectively assess and challenge risk management practices across technology departments. Provide direction and support to First Line in the performance of key risk practices. Assess the adequacy of control environments for technology and cyber domains; lead assessments on focus areas to assess risk as well as reporting on incidents leading to losses. Act as a second line of defense, ensuring risks are appropriately identified, managed, and monitored in alignment with OSFI’s B-13 and E-21 guidelines as well as other relevant global regulations. Drive escalation for actions that are outside of risk tolerances or inconsistent with strong risk culture.
  • Reporting and Stakeholder Management: Support data-driven quarterly risk committee and other risk reporting by engaging senior technology leadership to ensure they are aware of and aligned with various reporting and have provided input. Ensure appropriate forums are in place for the ongoing discussion of risk matters and key risk indicators with leaders and other stakeholders.
  • Strategic Risk Advice: Partner with senior technology leaders to identify risk trends, provide insights and recommend courses of action to manage risk within appetite. Highlight material and emerging risks to stakeholders.
  • Operational Risk Oversight: In addition to technology-related risk, the role provides assessment and reporting on resiliency and other operational risks for the group function technology teams.

As a member of the Global Chief Information Risk Officer’s leadership team, you will participate in strategy setting, methodology development and the establishment of standardized practices, the growth of shared services and the pursuit of operational efficiency. You will work closely with the technology risk and information practices areas to maintain and implement our global information risk management framework.
