Cyber Security and Information Technology Risk Lead - Montréal, Canada - Business Development Bank of Canada

Business Development Bank of Canada

Verified Company

Montréal, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act.

It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:

Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few
In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1
A hybrid work model that truly balances work and personal life
Opportunities for learning, training and development, and much more...

POSITION OVERVIEW

The Operational Risk Management (ORM) team oversees the effectiveness of multiple operational risk management programs and is responsible for supporting and challenging the business in the management of risks.

BDC and the financial services industry are rapidly evolving introducing more interconnected operational risks.

The ORM team deploys an array of programs to support the first line of defence to better manage risk as BDC undergoes its digital and strategic transformation.

The ORM team is comprised of individuals who are passionate about risk management and improving BDC operations.

We are looking for a Cyber Security and Information Technology Risk Lead, who will become a key member of the ORM team.

They will be positioned as an InfoSec/IT and ORM expert responsible to review the first line of defense in the identification and management of InfoSec and IT risks across the ORM Framework.

They will have the opportunity to work with individuals across the entire organization and contribute to many initiatives and projects.

They will play a key role in the design, deployment, and evolution of the ORM Framework and methodologies.

CHALLENGES TO BE MET
Support first and secondline stakeholders executing ORM Programs including: Risk and Control Self Assessments, Key Risk Indicators, Operational Risk Events, Business Continuity Management, Risk Appetite, and new product and business initiative risk assessments for products, projects and other changes.
Effectively challenge and critically review first and second line InfoSec/IT risk assessments and risk events
Monitoring and oversight of remediation activities and action plans
Recommend new technology risk assessment methodologies and tools.
Ensure the strength of ORM work methods and their evolution in line with BDC operational realities and industry best practices
Manage and improve ORM program reporting including program reporting, data collection and analysis, risk reporting, action plans, and committee presentations
Develop and maintain ORM stakeholder relationships including first line leadership, second line risk functions, and communication with senior leaders
Develop, enhance, and document ORM Governance and procedures
Coaching and sharing knowledge with more junior members of the team improving functions overall capability
WHAT WE ARE LOOKING FOR
Bachelor's degree in Information Technology, Communications, Business Administration, Social Sciencesrelated discipline
Master's degree or other equivalent combination of education and work experience preferred
Recognized technology and/or Risk certification preferred (CRISC, CISM, CISA, Open FAIR, CISSP, COBIT, etc.)
Five years of experience working in Technology Risk, Technology Resilience, Technology Audit or related field
Subject matter expertise in IT Operations, Data, Digital, Emerging Technology and/or Information Security
Experience with understanding and translating complex business requirements in a fastpaced banking sector preferred
Strong business acumen, analytical qualitative and quantitative skills (advanced MS Excel, Power BI an asset)
Excellent French and English written and verbal communication skills, including for the development and delivery of presentations
Excellent understanding of modern governance, risk and control frameworks, including the three lines of defense
Comfortable dealing with and challenging senior stakeholders
Responsive, agile approach to manage changing priorities
Continuous improvement/learning mindset, challenging the status quo and seeking self improvement
Acuity for perceiving and understanding client/stakeholder needs
Strong planning, coordinating, organizing, training and implementation skills
Ability to prioritize, meet tight deadlines, escalate when necessary, and work in a multicultural, bilingual and dynamic environment
Proficiency with MS Office Suite (Word, PowerPoint, Visio)