Description:
The Technology Risk Generalist (TRG), a manger level role aligned to a specific Technology Portfolio to help drive consistency in technology risk activities, processes, and reporting. Reporting to the Dirctor, Technology Risk & Compliance, the TRG will act as the single point of contact for the assigned Technology Portfolio(s) into the Technology Risk 1B function.
The TRG will serve in an advisory capacity for the assigned Portfolio(s) and partner with key stakeholders in executing proactive and effective Technology risk management practices. The partnership will help the Technology Portfolio teams embed a risk management culture into delivery, support and operations that will enable achieve business objectives. Overall, TRG’s role is to strengthen technology risk and control environment; ensuring that technology risks are clearly understood, controls are implemented to mitigate those risks and continuous monitoring is established to measure control effectiveness.
What You Will Do
- Execute on the technology risk management framework via established risk management processes and initiatives including risk identification, risk assessment, monitoring including governance and reporting.
- Actively partner with assigned Technology Portfolio (s) leads and provide extensive subject matter expertise (SME) in key technology risk management areas such as information security, operations, disaster recovery, resiliency, and delivery.
- Regularly monitor, interact, and report on the risk activities and status to technology portfolio and risk management leadership team including other key stakeholders.
- Manage ongoing risk monitoring and enforce compliance with security policies and standards.
- Support Line 2 in their review and challenge of 1st line risk processes.
- Foster, advocate for, and strengthen Canada Life’s overall technology risk posture.
- Manage and maintain a backlog of technology risk remediation work supported by an Issue Management governance lifecycle
What You Will Bring
- 5-10 years of experience in the financial services industry (or other regulated industry).
- Bachelor’s degree in Computer Science, Information Systems, Engineering, Business Technology, or equivalent experience.
- Strong Understanding of technology risk regulatory, and industry best practice (COBIT, NIST, ISO standards, etc.).
- Proven ability to identify, analyze and translate risk in the context of what it means to achieving business objectives.
- A “continuous improvement” mindset.
- Excellent written and oral communication skills.
- Demonstrated capability to build and foster strong relationships through collaboration, influencing change, and building consensus.
- Constant learner and passion for technology and risk governance.
- Deep understanding of how large enterprise organizations work, within in a regulated environment.
- Preferred CISA, CRISC, or CISM certifications or continual improvement related areas like Lean Six Sigma and Process Excellence.
- Experience with ServiceNow GRC or other GRC platforms is an asset.