FINANCIAL SERVICES - AVP BUSINESS TECHNOLOGY RISK MANAGEMENT
THIS SEARCH WAS SUCCESSFULLY COMPLETED.
About the company
Headquartered in Toronto, our client is a major global financial institution with over 50,000 employees around the world. Our client offers a full range of financial products and services to approximately 22 million customers worldwide through four key business lines:
- Canadian Personal and Commercial Banking
- Wealth and Insurance
- Wholesale Banking
- U.S. Personal and Commercial Banking
Our client ranks among the world’s leading online financial services firms, with approximately 8.5 million online customers and trades on the Toronto and New York stock exchanges.
Technology Risk Management & Information Security
Technology Risk Management & Information Security (TRMIS) is responsible for providing policies and governance for managing risk across the organization through a set of technology based standards and controls.
The Business Risk Management team (BTRM) is a team within TRMIS, and is responsible for ensuring that corporate policies and standards, as they apply to information security and information technology, are adhered to within the layers of technology and support processes. Leveraging a common risk/control framework, the BTRM team is accountable for ensuring that standards are applied within the various supported technologies, and that regular testing is performed to ensure the appropriate level of controls is in place and remains effective. The team is also responsible for ensuring control gaps, both self-identified and Audit findings, are documented, prioritized and remediated among the various support teams.
Reporting to the Vice President of Business Technology Risk Management, within Technology Risk Management & Information Security for our client, you will be accountable for supporting the Infrastructure Technology Solutions organization with alignment to the Chief Technology Officer. The AVP will lead a team responsible for managing risk associated with a complex suite of technology services that support the enterprise. The responsibilities include, but are not limited to:
- Protecting the organization from risks associated with infrastructure services, by leading a team of Risk professionals that are responsible for delivering on IT Risk management programs.
- Ensuring all appropriate control standards are implemented and tested for effectiveness.
- Ensuring control objectives for regulatory standards (SOX / PCI) are prioritized and effectively managed within a lifecycle for all technology teams.
- Managing prioritization and remediation of Audit findings appropriate to level of risk.
- Strategic planning around key risk initiatives that influence technology planning.
- Monitoring & reporting on risk posture, as well as escalation and remediation of key control deficiencies.
- Providing a single security and IT Risk representative for all issues, events, and programs.
- Providing a point of coordination for all security related activities within the central Technology Risk Management and Information Security team.
- Serving as a point of escalation and notification for security and IT Risk related issues.
- Leading a State of Health program for Infrastructure Technology Solutions including reporting, planning and prioritization of key risks.
- Participating in key CTO planning and strategy meetings.
- Ensuring technology owners understand key security and IT Risk strategies.
- Ensuring full participation in Audit programs assisting the technology team in providing evidence of controls and risk based remediation efforts where appropriate.
- Comprehension of regulatory technology control requirements and the appropriate framework to manage effectiveness and compliance (SOX / PCI).
- Ensuring effective processes are in place to manage risk across all technology domains.
- Ensuring programs are in place to manage risk based prioritization of controls and control remediation, as identified by the framework and/or audit reviews.
- Ensuring programs for security awareness and risk management training are in place across all applicable technology teams and that they are refreshed on a regular basis.
- Ensuring outsourcing partners adhere to the client’s security policies and standards, by establishing oversight controls, and by ensuring risk has been mitigated to protect the organization.
- Developing on-going technology risk reporting, monitoring key trends and/or breaches, and working with executive management to help address security risk issues.
- Ensuring effective development practices are in place to keep the team current with emerging technology advancements/trends and regulations to support business needs, and leveraging a highly capable management team, actively developing and deploying talent across the business.
- Ensuring effective performance management is in place to develop, recruit and recognize high performance employees.
This is a new role within the organization and as such represents the opportunity for an individual with a clear vision of technology risk management and security to establish the benchmark for performance. The successful candidate will also have the opportunity to build and transform his/her own team and put a stamp on the organization.
Key Candidate Qualifications
- Ability to build a strong Technology Risk Management program, in a complex infrastructure environment, adopting a common framework for identifying risks, defining key controls necessary to protect overall risk, and influencing technology teams to implement / remediate controls as appropriate.
- Deep knowledge of both IT Security and IT Risk issues associated with technology, spanning from infrastructure to applications and data.
- Experience in a high transaction, large/complex/matrix business environment ideally within financial services.
- Has managed a multi-site team of at least 30 professionals.
- Ability to articulate technology risk in business language in order to inform senior executives.
- Excellent client engagement/management skills.
- Possesses exceptional strategic thinking, planning and relationship skills.
- Ability to influence management and build credibility across the organization.
- A collaborative and engaging leader who partners well with others; the individual will partner with divisional CIOs, business heads, vendors, auditors, regulators and counterparts at other financial institutions.
- A leader who communicates their vision across teams and businesses.
- Ability to build relationships with peers, viewed as a collaborative executive.
- Ability to create and lead high performance teams, drive talent management, and create a culture driven towards performance.
- Ability to lead change at all levels within the organization including peers and senior management.
- Ability to establish a vision, communicate and execute on the vision.
- Ability to lead and succeed in a matrix organization.
- University or post-graduate degree.
- Relevant work experience, preferably in the data network communications area, but with a broader understanding across multiple IT disciplines.
- A CISA and/or a CISSP designation would be highly desirable but are not essential to fulfill this mandate.