Technology Risk & Governance Consultant

Technology Risk & Governance Consultant

ProViso Consulting

Story Behind the Need

• Business group: Internal Controls and Regulatory Management
• Project: IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for client and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation.
• Reason: new requirement

Candidate Value Proposition:

• There are many exciting opportunities to grow in the areas of technology governance, risk management of technology and cyber security risks, and work with many cross-functional teams within the Bank. Be a part of dynamic team with focus on process improvements and automations.

Typical Day in Role:

• The main responsibility includes but not limited to: Review and revise as needed the IT and cyber security risk assessment processes, results, and artifacts to reduce overlaps and gaps and to produce results that are reusable, complete, accurate, current, can be aggregated, and are consistently actioned.
• Document a consolidated view of, and consistent aspects of the approach (e.g., taxonomy) to, the IT and cyber risk assessment program is required to enable consistency, completeness, and accurate information in support of governance, oversight, and reporting. Initial tasks that will need to be completed include, but are not limited to:
o Create a risk assessment universe, for IT and cyber specific assessments and to clarify the role of each assessment and certain aspects of organizational assessments (e.g., using an IT process taxonomy and a risk taxonomy)
o Develop a clear standard to align and aggregate results, and to assess and treat IT and cyber security gaps from risk assessments
o Deploy the risk assessment universe, and capabilities to support the expectations of the standard, in an appropriately robust tool including workflows and consistent documentation.

Candidate Requirements/Must Have Skills:

• Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 10+ years.
• Requires strong working knowledge in IT Risk management experience in 5+ areas including but not limited to; systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
• Knowledge of banking businesses including related systems, procedures, regulations expected. Additional merit awarded for experience in relevant portfolio business line.
• Strong PPT presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable.
• Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).

Nice-To-Have Skills:
• Big 4 consulting experience will be an asset.
• Additional relevant Certifications would be an asset – ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.
• Experience with technology and cyber security risk assessments, including Threat Risk Assessments, self-risk control assessments, vulnerability assessments, etc.

Soft skills:

• Possessing a diverse set of skills and knowledge across various fields, enabling adaptability and a broad perspective in problem-solving.
• The ability to reason systematically and evaluate information objectively to make sound decisions and solve complex problems.
• Examining and interpreting data to extract meaningful insights, identify trends, and support decision-making processes.
• Effectively engaging and communicating with all parties involved in a project to ensure their needs and expectations are met.
• The ability to convey information clearly and effectively, both verbally and in writing, to various audiences.
• Of managing tasks and responsibilities autonomously, requiring little oversight to achieve goals.
• Driven by personal initiative and a strong internal desire to achieve and excel without needing external encouragement.
• The ability to plan, prioritize, and manage time and resources efficiently to achieve objectives.

Education:

• Bachelor’s degree in computer science, Engineering, Business Commerce, or equivalent experience.

Best VS. Average Candidate:

• Well rounded candidate with soft skills and must have skills.

Candidate Review & Selection

• 1st round – Director & Team member –in-person preferred / MS teams – 45mins.
• 2nd round – With stakeholders of the role – MS teams – 30mins
• The team will be assessing both soft and technical skills.

Job Details

12621

Contract

12 months

Toronto

 





Latest Blogs

© 2024 ProViso Consulting - Toronto Recruitment and Staffing Agency

× Chat

Send this to a friend