{bc}
indeed

Senior Manager, Technology Risk

DUCA Credit Union Ltd.
Toronto, CAN
Full Time
Manager
Onsite
3 days ago
Technology Risk ManagementCybersecurityOperational ResilienceNIST Cybersecurity FrameworkISO 27001COBIT
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Technology Risk ManagementCybersecurityOperational Resilience
Smart Apply

Full Job Posting

Job Purpose & Summary

  • As an integral part of DUCA's Risk Management team, the Senior Manager, Technology Risk is responsible for supporting the effective management and independent risk oversight of Information Technology (IT), Information Security, Cybersecurity, Operational Resilience, and Emerging Technology risks acr
  • The role provides second line of defense to technology risk management practices, ensuring technology risks are identified, assessed, monitored, mitigated, and reported in accordance with DUCA's risk appetite, internal policies, and regulatory expectations.
  • This position partners closely with Technology, Information Security, business stakeholders, Internal Audit, and regulators to support the management of risks related to cybersecurity, cloud services, operational resilience, AI and emerging technologies, IT operations, third party technology provide

Key Accountabilities & Duties

  • Support the development, implementation, maintenance, and continuous enhancement of DUCA's Technology Risk Management Framework, policies, standards, procedures, methodologies, and reporting processes.
  • Provide independent risk oversight and effective challenge of first line technology and cybersecurity risk management activities.
  • Partner with Technology, Information Security, Internal Audit, Compliance, and business stakeholders to strengthen governance processes.
  • Provide risk oversight, guidance, and effective challenge of technology and information security risk assessments conducted by Technology, Information Security, and business stakeholders across IT infrastructure, applications, cloud and SaaS environments, cybersecurity controls, AI and emerging tech
  • Evaluate risks related to system availability, operational stability, technology currency and end of life platforms, cybersecurity threats, data protection, access management, privacy, operational disruptions, and technology transformation initiatives.
  • Assess the design and operating effectiveness of controls, challenge risk mitigation strategies and risk acceptance decisions, and maintain technology risk registers, issues, and remediation plans.
  • Provide risk oversight and effective challenge of key technology and cybersecurity risk management processes, including IT incident management, cybersecurity incident response, vulnerability management, privileged access management, patch management, IT change management, technology currency managem
  • Assist in the oversight of operational resilience, business continuity, and disaster recovery programs by reviewing resilience assessments, recovery capabilities, technology dependencies, scenario testing results, and remediation activities.
  • Review and challenge technology vendor, cloud service provider, and outsourced technology risk assessments, including security reviews, SOC reports, operational resilience capabilities, disaster recovery arrangements, data protection controls, and contractual risk provisions.
  • Partner with vendor relationship managers, Technology teams, and Information Security stakeholders to support the effective management of technology vendor risks.
  • Monitor and report on Key Risk Indicators (KRIs), Key Control Indicators (KCIs), technology incidents, vulnerabilities, outages, emerging risks, and remediation activities.
  • Develop and maintain technology and cybersecurity risk reporting for Senior Management, Executive Leadership, Risk Committees, and the Board.

Occupational Experience & Education Requirements

  • Undergraduate degree in Information Technology, Computer Science, Cybersecurity, Business, Finance, Risk Management, or a related discipline.
  • Minimum 5 to 8 years of progressive experience in Technology Risk Management, Information Security, Cybersecurity Risk, Operational Risk, IT Governance, or related disciplines within a financial institution, credit union, banking, insurance, or other regulated environment.
  • Demonstrated experience conducting risk assessments, evaluating control effectiveness, facilitating issue remediation, and preparing risk reporting for senior management and governance committees.
  • Experience working within a Three Lines of Defense governance model and supporting interactions with regulators, auditors, and external assessors.
  • Experience applying regulatory expectations and industry frameworks, including FSRA guidance and regulatory expectations, NIST Cybersecurity Framework, ISO 27001, COBIT, ITIL, CIS Critical Security Controls, Privacy and data protection requirements.

Knowledge, Skills & Attributes

  • Strong understanding of IT infrastructure, cloud computing, SaaS solutions, cybersecurity controls, IT service management, operational resilience, business continuity, disaster recovery, and technology lifecycle management.
  • Strong analytical, critical thinking, and problem solving skills with the ability to assess complex technology and cybersecurity risks and translate technical concepts into business impacts.
  • Ability to provide independent challenge and influence stakeholders across Technology, Information Security, and business functions while maintaining collaborative working relationships.
  • Strong understanding of technology risk management, cybersecurity, operational resilience, cloud risk, third party risk, and governance frameworks.
  • Excellent organizational skills with the ability to manage multiple priorities, projects, deadlines, and competing stakeholder demands within a fast paced environment.
  • Strong written and verbal communication skills, including experience preparing executive level reports, committee materials, and presentations.
  • Demonstrated ability to build effective relationships across all levels of the organization and interact professionally with regulators, auditors, vendors, and external stakeholders.
  • Strong attention to detail, professional judgement, governance discipline, and risk awareness.
  • Experience with governance, risk and compliance (GRC) platforms, reporting tools, data analytics, process mapping, and dashboard development considered an asset.

Salary

  • The annual salary range for this position is CAD 92,798 to CAD 115,998.
  • Actual annual base salaries will vary depending on relevant job related factors such as experience, knowledge, skills, qualifications, and education/training.
  • This position may be eligible for discretionary bonuses.

Working Conditions

  • Normal office environment with the potential for extended hours during significant technology incidents, cybersecurity events, regulatory reviews, audits, project implementations, business continuity exercises, and reporting deadlines.

Additional Information

  • Department: Retail Credit
  • Primary Location: Corporate Office
  • Employment Status: Full Time
  • Hours per Week: 38
  • Number of Existing Vacancies: 1

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today