Director, IT Risk Management
Apply locations: North York, Ontario; Toronto, Ontario; Waterloo, Ontario
Time type: Full time
Posted on: Yesterday
Job requisition id: JR00110786
At Sun Life, we value your unique background, experience, and point of view. We encourage, empower, and challenge our colleagues to be their best selves, working alongside dynamic experts eager to share their knowledge. Our leaders inspire and support you to reach your potential and achieve new heights. Every day offers new opportunities to make a difference in the lives of our Clients, who are at the core of everything we do. Discover how you can impact individuals, families, and communities worldwide.
Job Description
We seek an experienced and dynamic Director, IT Risk Management to lead the identification, assessment, and mitigation of IT risks across the Digital Business & Technology Solutions (DBTS) group. This role will oversee the development and implementation of comprehensive IT risk strategies.
The Director will collaborate with senior leadership, IT teams across DBTS, and other departments globally to ensure a proactive approach to IT risk management.
Key Responsibilities
- Risk Control Self Assessments (RCSA): Lead the identification, evaluation, and assessment of IT risks through RCSA processes across DBTS. Monitor and report on mitigation action plans.
- Policy Review: Participate in reviewing IT policies, operating guidelines, and directives.
- Incident Response and Crisis Management: Maintain an inventory of all technology and cyber incidents, reportable and non-reportable.
- Key Risk Indicators (KRI): Ensure DBTS KRIs are established, updated, monitored, and reported.
- Technology & Cyber Governance Model: Conduct annual reviews and maintenance of Sun Life's governance model, and obtain approval for it.
- Operational Risk Events (ORE): Ensure risk events are reported, tracked, actioned, and closed.
- Regulatory: Lead the consolidation of supervisory materials for DBTS executives and assist with regulatory projects related to technology and cyber risks.
- Team Leadership and Development: Lead and mentor the IT risk management team, fostering a culture of risk awareness.
- Stakeholder Communication: Produce quarterly risk reports for the DBTS executive team and communicate risk status and mitigation efforts.
- Collaboration: Work with second-line risk teams to ensure a comprehensive view of IT risks.
- GRC Technology: Manage the Governance, Risk, and Compliance tools supporting controls, waivers, and risks. Ensure systems are updated with relevant data.
- Continuous Improvement: Keep abreast of developments in IT security, risk management, and emerging technologies. Recommend and implement process improvements.
Qualifications
- Education: Bachelor's in IT, Cybersecurity, Risk Management, or a related field; Master's or relevant certifications (CISSP, CISM, CRISC) are assets.
- Experience: Minimum 10 years in IT risk management, with 5 years in leadership roles. Strong background in security, governance, and compliance frameworks.
- Skills: Knowledge of IT risk, cybersecurity, compliance standards, incident response, team leadership, and familiarity with frameworks like NIST, ISO 27001, COBIT, ITIL. Experience in financial services and with ServiceNow is preferred. Excellent communication, analytical, and decision-making skills.
- Certifications: Relevant professional certifications are assets.
Work Environment & Physical Requirements
- Ability to work in a fast-paced, evolving environment.
- Flexible hours may be required during critical incidents or project deadlines.
What's in it for you?
- Recognition as a Great Place to Work in Canada for multiple years.
- Certifications in mental health and workplace excellence.
- Flexible hybrid work model (#LI-Hybrid).
- Financial benefits including pension, stock, and savings programs.
- Professional development aligned with our purpose to help Clients and Employees achieve financial security and healthier lives.
- Inclusive, collaborative culture and opportunities for career growth.
The salary range is from $105,000 to $180,000, depending on location and experience. Additional incentive plans are discretionary and based on performance. We value diversity and encourage applications from all backgrounds. For accommodations, contact *************@sunlife.com.
We strive to create a flexible work environment with various options available based on role requirements and individual needs. We appreciate all applicants' interest; only those selected for an interview will be contacted.