Director, IT Risk Management at Sun Life
North York, ON M2J 4Y1, Canada
Full Time


Start Date

Immediate

Expiry Date

30 Jul, 25

Salary

0.0

Posted On

30 Apr, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

ISO, Incident Response, IT Security, IT Risk Management, Crisis Management, Information Technology, ITIL, CISSP, Interpersonal Skills, ServiceNow, NIST, COBIT

Industry

Financial Services

Description

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You’ll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you’ll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

JOB DESCRIPTION:

We seek an experienced and dynamic Director, IT Risk Management to lead the identification, assessment, and mitigation of IT risks across the Digital Business & Technology Solutions (DBTS) business group. This role will oversee the development and implementation of comprehensive IT risk management strategies.
The Director will collaborate with senior leadership, IT teams across DBTS, and other departments across Sun Life globally to ensure a proactive and comprehensive approach to IT risk management.

QUALIFICATIONS

  • Education: Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field. A master’s degree or relevant certifications (e.g., CISSP, CISM, CRISC) are an asset.
  • Experience: At least 10 years of experience in IT risk management, with at least 5 years in a leadership role. Strong background in IT security, governance, compliance, and risk management frameworks.
  • Skills:
      • Extensive knowledge of IT risk management, cybersecurity principles, and compliance standards.
      • Experience in crisis management and incident response.
      • Proven ability to lead and develop a team.
      • Familiarity with risk management frameworks such as NIST, ISO 27001, COBIT, and ITIL.
      • Experience with insurance, banking, or other financial services environments is preferred.
      • Experience with ServiceNow would be an asset.
      • Excellent communication and interpersonal skills, with the ability to communicate complex technical concepts to non-technical stakeholders.
      • Strong analytical, problem-solving, and decision-making skills.
  • Certifications: Professional certifications such as CISSP, CISM, CRISC, or other relevant certifications are assets.

WORK ENVIRONMENT & PHYSICAL REQUIREMENTS

  • Ability to work in a fast-paced, evolving environment.
  • Flexible work hours may be necessary during periods of critical incidents or project deadlines.

RESPONSIBILITIES

  • Risk Control Self Assessments (RCSA): Lead the identification, evaluation, and assessment of information technology risks through the RCSA process across DBTS. Monitor and report on the status of any mitigating action plans.
  • Policy Review: Participate in the review of IT policies, operating guidelines and directives.
  • Incident Response and Crisis Management: Maintain an inventory of all technology and cyber incidents, both reportable and not reportable.
  • Key Risk Indicators (KRI): Responsible for ensuring DBTS KRIs are established, updated, monitored, and reported on.
  • Technology & Cyber Governance Model: Conduct the annual review and maintenance of Sun Life’s technology and cyber governance model, and obtain its approval.
  • Operational Risk Events (ORE): Responsible for ensuring that operational risk events are reported, tracked, actioned, and closed.
  • Regulatory: Lead the consolidation of quarterly supervisory materials for DBTS executives. Assist as needed on regulatory projects and requests related to technology and cyber.
  • Team Leadership and Development: Lead and mentor the IT risk management team, providing guidance on best practices, professional development, and performance goals. Foster a culture of risk awareness throughout the organization.
  • Stakeholder Communication: Produce the quarterly risk committee report for the DBTS executive team. Report regularly to senior leadership and other stakeholders on the current state of IT risks, mitigation efforts, and any new threats or vulnerabilities as needed.
  • Collaboration: Work closely with Sun Life second-line risk teams to ensure a comprehensive view of IT risks across the enterprise.
  • GRC Technology: Day-to-day management of the Governance, Risk, and Compliance tool used to support DBTS controls, waivers, and accepted risks. Ensure that the Corporate Risk systems are updated with relevant RCSA, ORE, and KRI data.
  • Continuous Improvement: Stay up to date with the latest developments in IT security, risk management practices, and emerging technologies. Recommend and implement improvements to existing risk management processes and tools.