What’s in it for you as an employee of QFG?

- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Senior Manager, IT Risk & Governance Oversight. Could it be you?

Reporting to the Director, Operational Risk & Resilience, the Senior Manager, IT Risk & Governance Oversight will be primarily responsible for providing oversight of the Technology risk management and governance framework. Technology services at Community Trust Company (“CTC”) are outsourced to the parent company Questrade Financial Group (“QFG”) and other service providers. Technology operations are the responsibility of such providers; however, risk oversight remains within CTC.

Among a myriad of other responsibilities, the mandate of this role is to provide oversight and effective challenge to the work being performed by the 1st line and other outsourced technology functions. This includes the monitoring and reporting mechanisms that highlight areas of risk exposure and opportunities for effective control of business risk arising from the use of technology. While the successful candidate will operate as part of the Risk Management team, they will be the subject matter expert on all Technology-related matters within the department and will have to collaborate with Enterprise IT & Cyber Governance, Risk & Control on a regular basis.

This individual plays a critical role in overseeing the confidentiality, integrity, and availability of CTC’s information assets and the alignment of Technology operations with business objectives and regulatory requirements.

This role is responsible for the independent design, execution, and oversight of technology risk assessments, control testing, and validation of IT and cybersecurity controls. The role requires a strong technical background to critically evaluate and challenge the design and effectiveness of 1st line of defense IT risk management practices, and to analyze overall Information Technology performance, risk metrics, and control effectiveness against established standards, policies, and regulatory requirements. Excellent communication skills are essential to prepare and deliver regular risk reporting to management, including clear articulation of identified control deficiencies, risk exposures, and recommendations for enhancing the 1st line's technology risk management framework and practices, including providing recommendations to outsourced technology service providers.

Need more details? Keep reading...

In this role, responsibilities include but are not limited to:

- Providing effective challenge and oversight to the first line of defense regarding the identification, assessment, monitoring, and mitigation of IT & Cyber risks, ensuring alignment with established risk appetite and tolerances.
- Maintaining subject matter expertise and awareness of evolving regulatory requirements, industry best practices (e.g., ISO 27001, NIST CSF, COBIT), and emerging threats related to information technology and cybersecurity.
- Independently reviewing and validating the design and operating effectiveness of IT and cybersecurity controls implemented by the first line of defense.
- Overseeing and challenging the risk management of outsourced Technology functions across various domains (e.g., infrastructure, applications, cybersecurity, data management), including the review of third-party risk assessments.
- Monitoring and analyzing key IT risk indicators (KRIs) and metrics to identify emerging trends and potential control weaknesses.
- Assessing and reporting on the residual risk exposure associated with IT processes and systems, providing clear and concise communication to stakeholders.
- Collaborating with internal audit, compliance, and other risk functions to ensure a coordinated and integrated approach to risk management.
- Evaluating and challenging the risk assessments conducted by the first line of defense for new initiatives, systems, and changes to existing operations.
- Contributing to the development and maintenance of the Technology risk management framework, including policies, standards, and procedures.
- Reviewing and challenging cybersecurity-related test results (e.g., vulnerability scans, penetration tests) to ensure appropriate remediation of identified vulnerabilities.
- Contributing to the development, testing, and maintenance of IT business continuity and disaster recovery plans from a risk perspective, ensuring alignment with business resilience objectives.
- Providing risk-based guidance and support to the incident response team, ensuring that security incidents are thoroughly investigated and that root causes and lessons learned are incorporated into risk management processes.
- Developing and delivering IT risk and security awareness training programs to enhance the first line's understanding of risk management responsibilities.
- Preparing and presenting risk reports, including KPIs and KRIs, to senior management, risk committees, the Board, and regulators, clearly articulating risk exposures and trends.
- Liaising with business units to understand new and developing business strategies and assess their potential impact on the IT risk profile.
- Ensuring IT compliance with relevant laws, regulations, and contractual obligations, including OSFI guidelines (e.g., E-21, B-13, B-10) and other applicable financial industry regulations.

So are YOU our next Senior Manager, IT Risk & Governance Oversight? You are if you…

- Have 7-10 years of experience in a Technology Risk Management, Technology Governance or IT Audit / Quality Assurance role within the financial services industry
- Hold a University degree in Computer Science, Management Information Systems, other related field or equivalent directly related work experience
- Hold one or a combination of CISA, CRISC, CGEIT, CISM or are working towards them
- Understand a broad set of industry best practices (COBIT, ITIL, NIST CSF)
- Have leadership experience in Service Quality Assurance
- Have in-depth experience building, maintaining and reviewing risk and control frameworks and their inputs
- Have experience building, reviewing, or challenging key performance indicators (“KPI”) and key risk indicators (“KRI”)
- Can communicate effectively to both technical and non-technical audiences
- Are proficient at writing or updating Technology and Security procedures
- Are capable of building right-sized IT Governance solutions
- Have excellent written and verbal communication skills
- Work well autonomously
- Have strong benchmarking, reporting and presentation skills
- Are results driven and action oriented
- Have strong organizational skills proven in managing multiple projects and ad-hoc tasks simultaneously
- Have strong business acumen and knowledge of principles, techniques, current trends, best practices, regulations, policies, and programs related to risk management
- Have people management experience
- Have a desire for high performance and ability to make an impact
- Have in-depth experience in deciphering regulatory requirements and developing customized compliance solutions
- Have a solutions-oriented mindset, critical thinking and sound decision making
- Have strong collaboration, influencing, conflict resolution and stakeholder relationship building and people and process management skills
- Have proven ability to manage multiple deliverables with firm deadlines
- Have excellent written communication skills with ability to articulate key messages concisely and effectively
- Have experience in Business Continuity and Disaster Recovery Planning
- Have experience creating reports for senior management
- Are proficient with Microsoft Office, Google Suite, Power BI, etc.

Sounds like you? Click below to apply!