
System Governance Specialist
Job Description
The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario’s capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, and enforcement activities. The OSC also contributes to national and global securities regulation development.
We offer a diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.
Summary
Reporting to the Chief Technology Officer, the System Governance Specialist plays a critical role in strengthening the organization’s control environment by bridging audit, risk, and technology. This role requires an individual who combines hands-on audit experience with strong technical acumen, enabling them to interpret audit findings, assess control gaps, and drive meaningful remediation actions across systems and platforms. The role is accountable for establishing and operating a cohesive governance function across Information Services & Digital Solutions (ISDS), combining hands-on execution with strategic advisory. The role serves as the central point of integration for audit, risk, and control activities, while translating these inputs into clear, decision-ready insight that informs ISDS leadership prioritization, trade-offs, and operational direction.
While maintaining responsibility for technology governance processes, including risk registers, audit coordination, and reporting, the role elevates governance beyond coordination by identifying systemic risks, challenging assumptions, and providing actionable recommendations that strengthen control effectiveness, improve resilience, and align technology risks with enterprise risk visibility.
This role ensures technology risk is not only well-governed, but meaningfully integrated into enterprise risk visibility, complementing Enterprise Risk Management and Internal Audit while influencing outcomes across both.
Key Duties and Responsibilities
Proactive Risk Assessment and Control Advisory
- Provide forward-looking risk insight by identifying emerging technology, operational, and vendor risks and advising leadership on potential impacts and mitigation strategies.
- Translate complex risk, audit, and operational data into decisive, outcome-oriented recommendations that shape prioritization, funding, and execution trade-offs.
- Advise leadership on risk acceptance, mitigation strategies, and residual exposure during transformation initiatives, major programs, and operational changes.
- Challenge existing control environments by identifying systemic weaknesses, root causes, and opportunities for standardization across ISDS.
- Drive alignment between ISDS risk practices and enterprise risk frameworks, ensuring technology risks are consistently positioned within enterprise risk discussions.
- Analyze audit findings and translate them into clear, actionable control remediation plans.
- Proactively advise product managers and business lines on controls that should be embedded into systems and processes to mitigate risk.
- Ensure controls are not only documented but effectively implemented within platforms and workflows.
Governance, Risk, and Audit Coordination
- Own the evolution of the ISDS Risk Register into a decision-support tool, incorporating trend analysis, systemic risk identification, and prioritization aligned to business impact.
- Convert audit findings and assessments into enterprise-relevant themes, addressing root causes rather than isolated issues.
- Act as the authoritative interface between ISDS and Audit & Risk, influencing how technology risks are represented, interpreted, and escalated.
- Shape enterprise risk reporting by ensuring technology risks are clearly articulated, appropriately prioritized, and connected to broader organizational risk themes.
- Prepare consolidated ISDS risk inputs for quarterly and annual organizational risk reporting cycles.
- Work closely with audit, risk, and technology teams to interpret audit recommendations and define appropriate technical and operational responses.
- Provide specific, practical guidance to engineering and product teams on how to implement control improvements, not just coordinate activities.
- Track and report on remediation progress, ensuring clear communication with internal and external auditors.
- Develop a strong understanding of OSC’s systems and platforms and how controls operate within them.
- Assess system designs and configurations to ensure alignment with control requirements and risk management standards.
- Act as a trusted advisor to technical teams, ensuring control requirements are understood and properly embedded in system design and delivery.
Audit Findings Management
- Maintain authoritative oversight of all audit and assessment findings impacting ISDS, ensuring completeness, accuracy, and strategic relevance.
- Drive management responses that address root causes and lead to sustainable control improvements, not just issue closure.
- Ensure executive reporting reflects a clear, accurate, and insight-driven view of audit exposure and progress.
Planning and Timeline Management
- Establish and manage a forward-looking ISDS audit and risk roadmap, aligning governance activities with enterprise priorities and decision cycles.
- Lead ISDS engagement in SOC and external assessments, ensuring outcomes strengthen control posture and align with strategic governance objectives.
Governance Forums and Reporting
- Lead the development of executive-ready ISDS reporting that highlights key risk exposures, trends, trade-offs, mitigations, and required decisions.
- Shape leadership forums into decision-oriented discussions focused on prioritization, accountability, business impact, and remediation.
- Ensure governance outputs directly influence planning, investment decisions, and performance management across ISDS.
- Facilitate governance forums with a strong emphasis on driving outcomes, resolving ambiguity, and enforcing accountability.
Operational Metrics and Reporting Framework
- Define and operationalize metrics that provide meaningful insight into risk exposure, control effectiveness, and organizational performance.
- Leverage metrics to identify trends, predict emerging issues, and proactively inform leadership actions.
- Continuously refine reporting to focus on what matters most, eliminating low-value metrics and emphasizing decision-relevant insights.
Compliance and Audit Readiness
- Drive a proactive compliance posture by identifying gaps early and embedding sustainable governance practices.
- Ensure ISDS is continuously audit-ready through disciplined, efficient, and strategically aligned governance processes.
- Promote a collect-once, reuse-many governance model to improve efficiency and consistency across audits and assessments.
Grow your career and make a difference working at the OSC.
* OSC Employees: please apply in Workday using the Browse Jobs feature within your Jobs Hub *
We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.
The OSC is committed to diversity, to providing an inclusive workplace, and to providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups, including but not limited to Indigenous, Black and racialized groups, people with disabilities, women and people from the 2SLGBTQI+ community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.
The OSC is a proud partner with the following organizations: Ascend Canada, BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada.
If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox [email protected].
Visit Accessibility at the OSC to review the OSC’s policies on accessibility and accommodation in the workplace.