SENIOR MANAGER, CYBER RISK AND COMPLIANCE

On behalf of our financial services client, Procom is searching for a Senior Manager, Cyber Risk and Compliance for a permanent role. This position is a hybrid position with 2 days onsite at our client’s Toronto office.

SENIOR MANAGER, CYBER RISK AND COMPLIANCE - JOB DESCRIPTION:

The Senior Manager, Cyber Risk and Compliance is responsible for implementing and operationalizing cyber and technology risk programs related to advanced technologies such as AI, ML, and quantum computing. This role ensures security, compliance, and resilience against evolving threats by maintaining policies, standards, and controls, aligning with the Enterprise Risk Management and Cybersecurity framework.

SENIOR MANAGER, CYBER RISK AND COMPLIANCE - MANDATORY SKILLS:

• University degree in Computer Science, Cybersecurity, Engineering, or related discipline.
• At least 10 years’ experience in managing audit readiness and cyber risk programs in regulated industries.
• Strong technical expertise in ISO 27001, SOC 2, PCI-DSS, and NIST audits.
• Familiarity with cybersecurity and risk frameworks such as COBIT, COSO, and NIST CSF.
• Strong operational understanding of AI/ML platforms and security requirements.
• Effective communication skills with the ability to influence across levels and teams.
• Excellent attention to detail with high organizational skills.

SENIOR MANAGER, CYBER RISK AND COMPLIANCE – NICE-TO-HAVE SKILLS:

• Knowledge of Pension Administration and/or Financial Services industry.
• Experience with IT/OT security in cloud, hybrid cloud, and on-prem environments.
• Understanding of quantum cryptography and post-quantum security preparedness.
• Exposure to technology risks in a financial enterprise.
• Certifications such as CRISC, CAISP, or CIPP/CIPM.

• Lead and implement cyber risk and compliance initiatives for AI/ML and quantum computing.
• Execute annual ISO 27001 and SOC 2 assessments, including readiness activities and control validation.
• Operationalize AI-driven platform controls for compliance with various regulations.
• Liaise with ERM stakeholders to monitor and address cyber risks.
• Design risk assessment frameworks and lead technical threat risk assessments.
• Build and manage cyber metrics, maintaining security dashboards and performance scorecards.
• Coordinate cyber incident and breach simulations, including red/purple team exercises.
• Implement and monitor cyber resiliency capabilities for AI systems.
• Perform risk and compliance assessments for GenAI/LLM/ML vendors and platforms.