Senior Manager, Technology Governance, Risk and Compliance

CA ON Toronto

HOOPP

The Healthcare of Ontario Pension Plan (HOOPP) provides a lifetime pension plan at retirement. We’re one of the largest defined benefit pension plans in Canada.


Why you’ll love working here:

  • high-performance, people-focused culture

  • our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves

  • learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth

  • membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security

  • competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, and a newly extended maternity/parental leave top-up of 26 weeks)

  • optional post-retirement health and dental benefits subsidized at 50%

  • yoga classes, meditation workshops, nutritional consultations, and wellness seminars

  • access to an annual wellness reimbursement program for health and wellness-related expenses for permanent and temporary employees

  • the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers

Job Summary:

The Senior Manager, Technology Governance, Risk and Compliance plays an integral role within the IT Governance, Risk and Compliance (GRC) team of HOOPP’s Project Management Office and Governance (“PMO & Governance”). PMO & Governance is one of six groups within the Information Technology Division of HOOPP.

The role sits in a team of IT GRC professionals that reports to the Director, Technology Governance, Risk & Compliance. As part of the first line of defense, this role will lead the establishment and maturing of the IT risk management landscape for the organization by delivering, optimizing, and maintaining HOOPP’s IT Risk Program in partnership with IT delivery teams. The role is responsible for providing strategic and technical support to IT delivery teams for effective management of technology risk to maximize value for HOOPP. A primary goal of this role is to provide exceptional IT risk management, governance, and compliance support, to optimize HOOPP’s IT risk management and governance processes, and to foster, advocate for, and strengthen HOOPP’s IT risk culture.

The key activities for the Senior Manager, Technology Governance, Risk and Compliance include leading the execution of the IT Risk program, assisting in the development of the IT Risk program, developing and updating IT policies and standards, developing risk assessment templates, maintaining and communicating the IT risk profile, monitoring and coordinating risk-related activities, providing strategic guidance to IT delivery teams on IT governance and risk-related matters, leading remediation of gaps and findings, and promoting risk awareness within IT teams. This role requires both knowledge and leadership skills: understanding HOOPP’s business and IT needs for effective risk management, and working closely with stakeholders across the IT delivery teams and other functions such as Enterprise/Operational Risk, Internal Audit, ICFR and business teams to maintain and strengthen the value proposition of IT GRC across the organization, as set out in the three lines of defense model for effective risk management.

What you will do:

  • Lead the implementation and maintenance of the IT Risk program across HOOPP.

  • Develop, review and revise technology-related policies, standards and guidelines in accordance with best practices, and develop and implement a socialization strategy for these governance documents to ensure that HOOPP understands its obligations under them.

  • Lead IT delivery teams operationally and provide guidance and mentorship on technology, risk and information protection practices and risks.

  • Oversee the identification and documentation of key processes and controls, including application controls and ITGCs, and obtain a deep understanding of the key risks and mitigating controls. This includes working with stakeholders across the organization to conduct walkthroughs and to prepare and maintain detailed internal controls documentation (e.g., process narratives, risk and control narratives, process maps).

  • Develop and maintain relationships with key stakeholders across the Investment Management, Finance, Plan Operations, Risk, HR, and IT Divisions and maintain an in-depth understanding of key business and IT processes, including all key systems / applications, and serve as an expert on IT controls.

  • Ensure IT risk initiatives are effectively implemented by collaborating with and gaining buy-in with stakeholders and leaders within IT and business teams across HOOPP.

  • Lead the team in measuring and effectively reporting on IT’s Risk profile to various stakeholders such as IT leadership to support decision making.

  • Assist IT in managing and evaluating upcoming projects requested by business partners through the IT intake process, assessing risk for existing and/or new processes and providing control assessments to design applicable controls as appropriate.

  • Lead the development of KRIs (Key Risk Indicators) and other operational risk metrics for the IT division.

  • Organize and effectively facilitate workshops and education sessions with IT delivery teams, leading IT risk and compliance initiatives by conducting training and awareness programs so that partner teams have the knowledge to effectively design, monitor and adhere to the controls.

  • Bring visibility and transparency to the IT risk program’s work and results and communicate the business value of the program to the rest of the organization.

  • Identify current and emerging risks and develop risk management strategies to mitigate these risks.

  • Foster an enhanced compliance and risk culture by acting as an ambassador or champion for IT Groups in all GRC (Governance, Risk and Compliance) related activities.

  • Provide oversight on the management of remediation plans that result from design and/or operating effectiveness deficiencies.

  • Perform quality reviews of the work performed by the IT GRC (Governance, Risk and Compliance) analysts/testers and provide guidance on testing methodology and approaches as required.

  • Proactively foresee internal and external business challenges related to technology and IT, make recommendations, and advise on course of action to address risks.

  • Assist in the development and update of the IT risk management framework, including the IT risk universe, risk assessment templates and IT GRC’s interaction model.

  • Foster effective collaboration with leaders within various divisions across the three lines of defense, primarily with ICFR, ORM, ERM and Internal Audit.

  • Identify and execute automation of risk and governance activities within HOOPP.

  • Handle ad-hoc requests or inquiries related to risk and control initiatives and functions.

What you bring:

  • Bachelor’s degree in Business, Accounting, Computer Science, Information Systems or Engineering.

  • 10+ years of experience in IT governance, IT risk and compliance, IT audit, external/internal audit, SOX 404 / NI 52-109 compliance and internal controls over financial reporting (ICFR), including IT risk and controls, in the financial services industry or public accounting, with emphasis on pensions, private investments, real estate and capital markets.

  • Expert knowledge of technology and risk management frameworks (such as ISO 27001, NIST, COSO and COBIT), performing compliance and risk assessments, designing controls, and overseeing mitigation projects.

  • A minimum of 3 years of management experience including leading a team.

  • Experience in developing and/or reviewing IT governance documents such as policies, standards and procedures.

  • Preference will be given to candidates who hold one or more of the following professional designations: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA).

  • Strong knowledge of capital and private markets, investments, and related risk management, compliance and operations functions would be an asset.

  • Experience with control and risk frameworks, performing compliance and risk assessments, designing controls, and overseeing mitigation projects.

  • Experience in developing and reporting performance and risk metrics, such as KPIs, KRIs, SLAs, OKR reporting and dashboards for executive leadership teams.

  • Familiarity with data analytics, visualization, and reporting software (e.g., Power BI) is considered a plus.

  • Excellent verbal and written communication skills, especially when communicating across all levels and with cross-functional teams, both technical and non-technical.

  • Experience in the Financial Services or pension industries is an asset.

  • Knowledge of public cloud infrastructure (Azure and Amazon Web Services) and databases (SQL Server and Oracle) is preferred.

  • Experience working in an agile environment (software development, infrastructure, and shared services).

  • Experience with the ServiceNow GRC platform is preferred.

  • Proven ability to educate and share knowledge effectively with diverse teams.


Tags: Agile Analytics Audits Automation Azure CIA CISA CISM CISSP Cloud COBIT Compliance Computer Science CRISC Data Analytics Finance Governance ISO 27001 KPIs Monitoring NIST OKR Oracle Risk assessment Risk management RMF SOX SQL Strategy

Perks/benefits: Career development Fertility benefits Health care Parental leave Startup environment Team events Transparency Wellness Yoga

Region: North America
Country: Canada
