Senior Analyst, IT Risk Management

The Senior Analyst - IT Risk Management role is essential in supporting the identification and mitigation of operational, IT, and regulatory risks. As a result of work performed as part of this role, you will greatly contribute towards the implementation of enterprise-wide initiatives aimed at improving technology operations risk management practices.

Your expertise will be crucial in driving change and overall improvement across the organization's approach to IT and Cyber risk. This is an advanced senior position, offering opportunities to work across the organization, functions, and make a significant impact. You will execute risk-based control testing activities, independently evaluating the design, implementation, and operating effectiveness of these controls to enhance our first line of defense (1LOD).

This is an advanced senior position, offering opportunities to work across the organization, functions, and make a significant impact

What will you do?

• Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls. Document test work while adhering to quality standards, procedures, and organizational best practices. Responsible for executing Control Assessments of Technology and Operation's first line Key Controls across various domains (including Cyber security, Cloud Operations, Service and Capacity management, Network Operations). May act as designated lead tester/reviewer of control testing engagements.
• Establish and maintain strong working relationships across business units and platforms. Collaborate with various groups to define and achieve deliverables, acting as a trusted advisor on control documentation and testing. Collaborate and liaise with 2LOD and 3LOD (Internal Audit) when required.
• Coordinate with stakeholders to log, manage, and track control deficiencies. Assess remediation plans to ensure they are designed to effectively reduce risk and verify that corrective actions are implemented according to plan.
• Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.
• Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches. Collaborate with other teams on IT risk-related initiatives to provide guidance and ensure the organization's risk posture aligns with its overall risk appetite. Maintain thorough understanding of organization's governing policies and standards, IT control testing methodologies, and related regulatory and compliance standards.

What do you need to succeed?

Must Have:

• Degree in Computer Science, Engineering, or a related field is required.
• Industry recognized qualifications and certifications in Information Security and/or Risk Management (CISA/CISSP /CRISC/CISSP)
• Minimum of 3 years' experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance. Ideally, within the financial services industry, a public accounting firm, or a financial institutions regulator.
• A strong understanding of technology and cyber risk management is crucial. Experience with IT risk management practices is highly valued.
• Strong organizational, project management, and time management capabilities are essential. You must be deadline-driven and results-oriented, able to consistently meet high-quality standards while managing multiple tasks and deadlines.
• Demonstrated excellence in both written and oral communication is a must. You should be proficient in effectively and timely communicating with stakeholders, understanding their information and communication needs, and presenting information clearly and persuasively.
• Strong analytical and rational thinking, supported by solid writing skills are essential for documenting and communicating test work effectively. You should be able to grasp stakeholder expectations and align your communication accordingly.
• An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.

Nice To Have:

• A strong understanding of financial services industry and experience with Compliance and Industry framework such as ISO27001, NIST 800-53, NIST CSF, NIST 800-171, COBiT etc.
• Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.
• Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.
• Working experience in cybersecurity and/or IT risk management spaces.

​What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A progressive career path in technology risk management and cyber security risk management.
• A comprehensive Total Rewards Program including bonuses and flexible benefits, and competitive compensation.
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact

#LI-HYBRID

#LI-POST

Job Skills

Business Continuity and Disaster Recovery (BCDR), Cost-Benefit Analysis (CBA), Cyber Security Management, Firewall Management, Information Security Management, IT Network Security, Operational Delivery, Problem Management, Process Management, Threat Management

Additional Job Details

330 FRONT ST W:TORONTOTORONTOCanada37.5Full timeTECHNOLOGY AND OPERATIONSRegularSalaried2024-12-132025-01-31

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above