Manager, Global Technology Risk Management - Toronto, Canada - Canada Life Assurance Company

Posted by: Sophia Lee, beBee Recruiter


Description

Job Description:


In this role, the Manager TRM will support development and execution of end-to-end, global technology risk management programs, with focus on strategy, methodology, data analytics, reporting and oversight activities.


What you will do

Identify, develop, and implement future-oriented Technology Risk Management framework, programs, capabilities, oversight practices and processes that will optimize the identification, assessment, management, monitoring and reporting of Technology risks

  • Develop and maintain the global TRM framework, methodology, tools, governance structures and policies ensuring alignment with industry best practices.
  • Drive consistency, quality, and continuous improvement in the implementation of the TRM framework across the enterprise through close collaboration with the regional technology risk management functions.
  • Conduct research and analysis on industry risk frameworks and standards, such as NIST, COBIT, ISO or FAIR, to identify the most effective strategies and techniques for managing technology risks.
  • Provide technical expertise to both develop and challenge metrics for measuring technology and cybersecurity related risks.
  • Provide expertise around current and emerging technology risk topics and serve as an advocate for these issues within the organization.
  • Support development and execution of strategic initiatives in collaboration with internal and external stakeholders.
  • Evaluate the effectiveness of risk mitigation strategies and make recommendations for improvement.
  • Facilitate the development and maintenance of the technology risk appetite and associated limits.
  • Identify potential risk scenarios for technology-related risks, such as data breaches, cyberattacks, or system failures.
  • Maintain and manage risk-related documentation and ensure compliance with applicable regulations and policies related to technology risk governance.
  • Develop and maintain cyber insurance programs, including selecting insurance providers, negotiating coverage and claims resolution.

Lead the enterprise technology Risk Management reporting process to ensure timely monitoring and reporting of technology risks to senior management and regulators.

  • Build, implement and manage methodologies, metrics, and processes to consolidate, interpret and report technology risk within the risk appetite to regulators and senior management team.
  • Have a good understanding of the FAIR (Factor Analysis of Information Risk) framework and be knowledgeable in mathematical and analytical analysis.
  • Provide oversight and challenge of technology and cybersecurity risk measurement metrics.
  • Manage the development and maintenance of technology risk profiles and risk dashboards aligned with enterprise and operational risk reporting; and identify and report on Key Risk Indicators and supporting metrics to support technology risk reporting.
  • Establish and manage the technology risk data collection, monitoring and reporting processes, ensuring that the procedures are clear and easily executable.
  • Design, implement and maintain standard TRM reporting templates in alignment with Operational Risk management requirements.
  • Establish and manage the quarterly reporting plan.
  • Serve as the main point of contact for the regional Second Line of Defence partners related to technology risk reporting.

Promote sound technology risk management practices across the organization

  • As a catalyst for change, guide the integration of technology risk management practices and culture throughout the enterprise.
  • Provide training on the technology risk management framework, standards, methodologies, and guidelines to ensure that all stakeholders are aware of their roles and responsibilities in managing technology risks.
  • Provide objective and independent risk expert advice and counsel, partnering with Technology, Information Security, Audit, Legal, Compliance and Operational Risk Management functions at both regional and global levels.

What you will bring

  • A bachelor's or master's degree in a relevant field, such as computer science, information technology or risk management.
  • At least 10 years of progressive experience in technology risk management in large, complex Financial Services and/or Insurance companies including broad knowledge of their various lines of business.
  • Experience in leading the development and implementation of TRM frameworks, policies, related processes, and controls in a second line of defense role.
  • Deep understanding and extensive knowledge of Information Security and Cybersecurity, Technology Delivery, and Technology Operations.
  • Sound knowledge of technology control and risk frameworks, such as NIST CSF, ISO, COBIT 2019, ITIL, COSO, etc. is required.
  • Experience working with regulators, and strong knowledge of current and emerging global technology risk regulatory requirements.
  • Experience with implementing and maintaining automated risk management tools (e.g., G
