IT Risk Compliance & Resiliency Specialist (12 month contract, hybrid)

at  Workplace Safety and Insurance Board

Reporting to the Manager, IT Risk and Governance, this role supports the Manager in ensuring WSIB’s consistent adaptation of the IT risk management framework and applicable risk management requirements including, developing and implementing risk policy, developing and maintaining the IT risk register, monitor and measure compliance to IT policies, report on current risk posture and compliance, work with all areas of IT to identify risks and remediation efforts, follow up with ITC areas on remediation commitments, liaise with Internal/External Audit to coordinate response to any ITC audits, document and report on findings and track remediation commitments. This role will liaise with Internal Controls to lead, coordinate and provide evidence of documented controls for financially relevant systems. They will also work with the Internal compliance division to ensure WSIB’s IT division is compliant with legislative directives.
The IT Risk, Compliance & Resiliency specialist will liaise with the Corporate Risk Management Services division to enable alignment of IT risk framework with the overall Enterprise Risk Framework. They will support the development, implementation and administration of enterprise wide risk management programs relating to operating, financial, procurement, contract and technology risks as they relate to the IT Cluster. They will be responsible for leading the ITC engagement in business continuity planning for the organization. The role also involves reporting and presenting on audit findings, remediation commitments and overall risk status to Executive level.

JOB REQUIREMENTS:

1. Education requirements:

1. Develop, maintain and report on the IT Risk register to ensure that all IT risks are documented, identify an owner and document remediation options.

• Work with Business Continuity Management Office (BCP) and lead the IT BC program. Leading the ITC engagement in business continuity planning (EMBC) for the organization
• Provide governance reporting/memos to Executive Committee, Governance committee, BOD etc.
• Develop and track sets of key risk indicators to monitor trends in the organizations’ risk profile;
• Assist in the mitigation of IT risks, identify new ways to further enhance the risk mitigation

1. Risk & Compliance Focus

Act as central point of contact for IT for all business and external stakeholders as it pertains to audit and compliance as well as internal control reviews.

• Coordinate internal control for financial reporting reviews and audits including:
• Coordinate the ITC engagement and response to all control review request
• Coordinate the production of evidence to support the control objective
• Engage the appropriate ITC area to document the control and provide evidence
• Coordinate the remediation by ITC of any gaps related to the controls
• Coordinate all internal audit of ITC areas and document all findings in risk register;
• Contribute to the identification and monitoring of gaps related to compliance controls and identify emerging risks