
Director, Enterprise Risk Management – IT Security & Cyber Risk
Oakville, ON, CA
Posted 6 days ago
Hybrid
Job Description
Ready to make an impact
Sagen is looking for a Director, Enterprise Risk Management – IT Security & Cyber Risk who will lead and strengthen the Company’s management and oversight of IT, cyber security and emerging risks including AI risks, by driving change in the areas of governance, methodology, metrics and reporting and risk analysis. In this role you will be the key liaison with the Technology team and be responsible to ensure timely identification, prioritization, and communication of key IT and Cyber Risks in alignment with OSFI Guideline B-13, other regulatory requirements and the organization’s risk appetite.
This position is being posted to fill an existing vacancy within the department.
Here is where you will be focusing to ensure your success
Technology and Cyber Security Risk Management Program
Responsible for development and implementation of IT and Cybersecurity Risk Management programs, including the implementation of an IT & Cyber risk management application within our Governance Risk and Compliance system
Develop processes and procedures and provide ongoing support to business functions to appropriately identify, assess, measure, and manage IT and Cyber Security risk (Risk and Control Self Assessments, control effectiveness testing, etc.)
Conduct analysis of threat and vulnerability scenarios which may impact IT systems and business processes, and ensure risks are operating within Sagen risk appetite limits.
Support risk assessment of all new initiatives, projects, and changes as they relate to technology-related risks
Governance, Monitoring and Reporting
Responsible for development and presentation of IT, Cyber and AI risk reporting and measurement for decision making of the Senior Leadership Team (Risk Appetite Statements, KRIs, thresholds, tolerances)
Subject matter expert in the development of IT and Cyber Security Risk policies, frameworks, standards, risk and control objectives consistent with OSFI B13 domains and in response to internal and external threats, regulatory requirements, and changes in the IT risk landscape.
Responsible for coordinating regulatory requests for information and assisting Internal Audit Reviews (as relates to IT controls)
Maintain awareness of and monitor significant risk and control issues within the business; monitor and report the status and appropriateness of remediation actions
Oversight and Challenge
Provide evidence-based, independent second line oversight and effective challenge to ensure sound management of IT, Cyber, AI and Cloud risk
Responsible for third party risk assessments and security reviews
Provide second line oversight and report on all technology related incidents
Oversee and challenge the Disaster Recovery program/scenarios as well as alignment with Business Continuity
Emerging Risks, Thought Leadership and Promotion of Risk Culture
Research and provide thought leadership on current and emerging IT, Cyber Security and AI risks, effective risk management practices, regulatory guidelines and publications
Promote Sagen’s risk culture awareness, with a focus on operational resilience in an environment of open communication and effective challenge
Maintain strong internal and external relationships and networks to continuously improve risk programs
What we are looking for
University degree in science, technology, business management, economics, accounting, engineering, or mathematics.
10+ years risk management experience in the financial services industry including strong knowledge of the regulatory environment and requirements.
10+ years’ experience specifically within risk management of Information Technology and Cybersecurity, including controls and risk quantification.
Strong understanding and working experience in Information Technology Operations
In-depth knowledge of NIST, ISO 17799, ITIL, COBIT and other IT Operations-specific industry frameworks. Experience using GRC risk management tools. Professional certifications and membership of associations such as CRISC, CISA, CISSP, CISM, etc. are an asset.
Strong team player who is a resourceful and proactive self-starter, demonstrating the ability to lead and execute change initiatives.
Demonstrated strength in working independently, managing deliverables, resolving issues, and recommending solutions by applying risk-based thinking versus a compliance-only approach, while seeking guidance on the most complex situations.
Proven project management skills and strong organizational skills with the ability to manage multiple priorities and manage concurrent deadlines.
Strong communication skills (verbal, written and presentation) with the ability to influence internal/external stakeholders and exchange information to clearly articulate and translate risks into organizational impact
Demonstrated ability to work well under pressure while maintaining a high level of professionalism