- We support our employees to shape their career by encouraging continuing education and investing in training and development.
- We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding.
- We inspire people to do what they are passionate about by believing in integrity, respect and recognition of diversity and community support.
- We are a dynamic team where entrepreneurship, innovation and collaboration are at the core of our values.
- We offer competitive salaries and a multitude of benefits starting day one including generous medical and dental coverage, telemedicine, employee and family assistance program, and retirement and savings programs.
- We recognize the importance of work-life balance with our hybrid work program, wellness allowance, and year-round social activities and events.
- Support the approved IT Risk Management program within our company:
- Enable operationalization of the cybersecurity governance framework, including and not limited to controls, requirements, artefacts, processes, forums, and channels suitable to the operating environment and aligned to the suitable industry leading practices in cybersecurity (e.g. ISO, NIST, SOC, CIS, CMMC, Bill 64, etc.).
- Develop cybersecurity governance requirements, control, processes and artefacts aligned to industry best practices as suitable for the operating environment.
- Act as the main custodian and key subject matter expert for the full repository of governance tools and artefacts (including and not limited to policies, controls, actions) to ensure accuracy, currency, timely reviews, relevance and suitability to BFL IT landscape.
- Act as the main custodian and key subject matter expert for the GRC automation platform.
- Support the approved Third-Party IT Risk Management Framework within our company, for example and not limited to the following:
- Maintain visibility and provide reporting on cybersecurity and IT risk posture of BFL third parties and overall portfolio.
- Develop, operationalize, and monitor compliance with the approved IT risk management thresholds, third-party Service Level Agreement (SLA), contract obligations, our company governance policies and metrics, industry best practices (including review of reports, certifications, evidence documentation, etc.)
- Liaise with third party relationship owners within the company and monitor due diligence in case of a third party cybersecurity incident, breach, relationship termination, data / activity repatriation, etc.
- Conduct assessments of cybersecurity and IT risks of the IT environment and of our third parties.
- Conduct cybersecurity and IT risk and control assessments of the IT environment and that of third parties, solutions and technologies and provide recommendations to protect and strengthen our cybersecurity and IT Risk Management posture.
- Develop and follow up on the approved recommendations and resolution plans to strengthen our cybersecurity and IT risk posture framework.
- Develop and support IT Risk Heat Map reviews and maintain the IT Risk Register, for our company and for our third-party portfolio.
- Monitor our IT risk posture indicators, alerting appropriate internal stakeholders on emerging risks and trends.
- Review, in partnership with Legal and Compliance, external contracts to identify and notify the IT leadership of potential IT risks to operations, data, systems or clients, etc.
- Contribute to the Cyber Governance Intake Channel and fulfill, in accordance with our Cybersecurity Governance Policies, requests for third party cyber and IT risk and control assessments.
- Lead our cybersecurity due diligence assessments for our third parties and provide recommendations to strengthen IT risk posture for our third parties and the portfolio.
- Liaise with third parties and monitor cyber posture maturity and the progress of implementing our agreed recommendations for cybersecurity remediations.
- Monitor, identify and alert appropriate internal stakeholders on emerging IT risks of our third-party portfolio that may exceed the approved IT risk appetite.
- Monitor BFL third party portfolio for cybersecurity and IT risk posture and provide recommendations to maintain IT risk level within the approved IT risk appetite.
- Onboard and operationalize third party IT risk management portal.
- Support the operationalization and ongoing management of the approved IT Risk Management and Cybersecurity Training and Awareness Program:
- Facilitate the selection and the delivery of relevant and effective cybersecurity training in accordance with the approved program requirements and objectives.
- Provide ongoing first-hand support for the development of content and the delivery of the optimal cybersecurity awareness initiatives.
- Continuously assess target audience needs, response trends and performance indicators and develop recommendations for effective Program enhancements.
- Continuously evaluate cybersecurity industry and global technology landscape for emerging and potential security threats and recommend appropriate cybersecurity and IT risk management training and awareness activities, approach, content and delivery tactics.
- Act as a key liaison with relevant stakeholders to enable smooth and seamless operations of the Program.
- Build trust, understanding and rapport with various stakeholders to ensure Cybersecurity Training and Awareness Program consistently achieves the approved performance targets.
- Act as the critical contributor and key subject matter expert for the training and awareness platform.
- Develop and maintain, in accordance with legal and compliance requirements, all IT risk assessments, due diligence, contractual agreements, and monitoring activities for IT environment and IT third-party portfolio.
- Maintain visibility and provide governance reporting on cybersecurity and IT risk posture.
- Participate in the development of the Cybersecurity Roadmap.
- Develop Cybersecurity and IT Risk Management governance framework metrics (e.g. IT Risk Appetite Statement, risk assessment criteria, KRI's, KPI's, thresholds, SLA's, etc.).
- Observe and analyze target audience data for engagement, response and overall cyber awareness performance and provide insights to continuously enhance training and awareness outcomes and relevant cyber controls as needed.
- Develop suitable trends and performance metrics for BFL Cybersecurity Training and Awareness Program (e.g. assessment criteria, KPI's, thresholds, SLA's and KRI's).
- Monitor Cybersecurity and IT Risk Management governance framework and BFL Cybersecurity Training and Awareness Program performance to the approved metrics.
- Develop and monitor IT control posture, effectiveness and maturity indicators, alerting on emerging risks and trends, coordinating Cyber Control Inventory and Exception Log reviews.
- Develop, operationalize, provide and continuously enhance constructive regular reporting on Cybersecurity and IT risk posture, including BFL third party portfolio cybersecurity and IT risks and Training and Awareness Program to various forums and audiences.
- Develop, recommend, facilitate and monitor the implementation of the approved recommendations to strengthen Cybersecurity Training and Awareness posture.
- Monitor and recommend enhancement to Cybersecurity Training and Awareness Program performance metrics.
- Continuously evaluate emerging and potential security threats and recommend appropriate risk management treatments and controls to adequately enhance BFL cybersecurity control effectiveness posture.
- 3-5 years of progressive responsibility in roles focused on cybersecurity and IT risk management, cybersecurity governance and assurance, cybersecurity awareness, and third-party cybersecurity risk assessments.
- Demonstrated expertise in developing, operationalizing and monitoring cybersecurity and IT risks and controls, as well as cybersecurity training and awareness initiatives in all categories of cybersecurity discipline.
- Demonstrated expertise in conducting cybersecurity and IT risk and control assessments and gap analysis internally and for third parties; advising on risks, threats, vulnerabilities; and making recommendations for risk mitigation and cyber posture improvements.
- Demonstrated experience in the development and deployment of cybersecurity governance processes, forums, channels, IT risk management artefacts, metrics and reporting.
- Firsthand work experience with online solutions for audit, governance, risk and compliance assessments, management, monitoring and reporting.
- Solid working knowledge and practical experience implementing and maintaining IT risk management controls aligned with globally recognized information security frameworks and standards such as the ISO 27001, NIST, PCI DSS, SOC, MITRE, etc.
- Working knowledge of: Information Security, Application Security, Infrastructure Security, Email Security, Phishing, Cybersecurity Awareness and various cybersecurity tools and services; the current cybersecurity landscape and trends, emerging threats, defensive cybersecurity methodologies, vulnerability management and penetration testing methods.
- Proven experience discussing and reporting technical matters with technical and non-technical stakeholders.
- Exceptional critical thinking, problem solving and analytical skills with the rare ability to pay attention to details while maintaining a strategic and pragmatic approach. Integrity, data driven and evidence-based objectivity, respect, collaboration, excellence, agility. Effective relationship building and collaboration skills. Role model in cybersecurity discipline and practices.
- Bachelor's Degree in Computer Science, Business or Risk Management.
- Certifications – one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Enterprise Risk Professional (CERP), Certified Third Party Risk Professional (CTPRP), Certified Third Party Risk Assessor (CTPRA).
Senior Analyst, IT Risk Management and Governance - Toronto, Canada - BFL Canada
Description
We offer more than a job, we offer a career
We are looking for an IT Risk Management Governance Senior Analyst to join our team in our Toronto office.
As an IT Risk Management Governance Senior Analyst, you will be responsible for ensuring effective, comprehensive, and seamless operations of the approved IT risk management governance framework aligned to industry best practices and standards. The role is aimed to address risks in cybersecurity and IT governance and operations and provide an effective framework for identifying, assessing, monitoring, and managing cybersecurity and IT risks, including, and not limited to third party IT risks and user cyber training and awareness risks.
If you are career-minded and looking for a dynamic work environment with a growth mindset, you will love working with our team.
Your day as an IT Risk Management Governance Senior Analyst
Our ideal candidate
Who we are
Founded in 1987 by Barry F. Lorenzetti, BFL CANADA is one of the largest employee-owned and operated Risk Management, Insurance Brokerage, and Employee Benefits consulting services firms in North America. The firm has a team of 1,300 professionals located in 26 offices across the country. Our employees have free rein to demonstrate their creativity, leadership, and entrepreneurial skills since we believe in each one of them. BFL CANADA is a founding Partner of Lockton Global LLP, a partnership of independent insurance brokers who provide Risk Management, Insurance, and Benefits Consulting services in over 140 countries around the world.
More about us
Our Toronto office is located in beautiful downtown, in the core of the Financial District. Easily accessible by public transit, our office is close to a plethora of top-notch restaurants, ideal for enjoyable lunches or drinks after work.
Let's stay in touch: Follow us on to get privileged access to our activities and see our other job opportunities.
Visit our website to learn more about us:
We welcome and encourage applications from people with diverse abilities. BFL Canada is committed to fostering an environment that is diverse, equitable, inclusive, and accessible to all. The diversity of our talents enables innovation and creativity through diverse backgrounds, different thinking, and unique knowledge. Accommodations are available on request for candidates taking part in all aspects of the selection process.
Offers of employment at BFL CANADA are conditional upon satisfactory results of background verifications.