Job DescriptionWhat is the opportunity?As part of the Group Risk Management team, the Associate Director, Cyber and Technology Risk will support IT/Cyber Risk Management leadership within Enterprise Resilience Risk team in delivering various oversight and challenge processes including: tracking and reporting on status and quality of key Cyber/Technology Risk programs; developing and utilizing effective risk appetite metrics that provide insights into current risk level; identifying issues with policy compliance through analysis and testing of controls; monitoring and assessing cyber/technology incidents; and performing thematic reviews to investigate issues and providing value add recommendations.
What will you do?- Leverage data driven insight and provided opinions and challenge on key risk indicators.
- Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments and development of risk profiles that can be leveraged to report to senior management, board, and regulators.
- As second line of defense, work closely with first line to provide effective and cyber/technology oversight and challenge for T&O Operational and IT risk programs such as Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, Integrated Risk Profiles to validate the business is operating within Risk Appetite.
- Champion managing risk rather than risk avoidance, by seeking solutions.
- Maintain knowledge of emerging technologies, threats/vulnerabilities and risk management practices and its implications to the business platform.
- Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the Technology Risk profile.
- Maintain a monthly risk profile across Technology Risk categories.
- Operate a one front door policy by ensuring effective support of business requests and follow through.
- Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance, support operational risk program adherence and effective incident reporting.
- Provide oversight and challenge on the management of significant cyber incidents.
- Support cyber/technology related regulatory examinations / requests / assessments / reporting.
- Recommend changes to Cyber & IT Risk policies/standards to maintain currency in ensuring relevance to emerging technologies and delivery models.
- Develop and maintain key Technology relationships to provide expertise and oversight on new initiatives.
- Keep abreast of emerging technology threats.
- Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders on a regular basis.
- Develop strong relationships within GRM and Operational Risk teams in support of common objectives and goals.
What do you need to succeed?Must have:- 7 years in the financial services or other regulated industries
- 5 years of information technology and operations experience is required; preferably as part of a security operations center or in a dedicated security role.
- Expert knowledge of Cyber Security concepts, methodology, processes and procedures and controls.
- Experience with enterprise grade cyber security tools / technologies such as: Endpoint Security, Mobile Device Management (MDM), Email Security, Security Incident and Event Management (SIEM), Web Application Firewall (WAF), Intrusion Detection/Prevention (IDS/IPS), Application Security, Vulnerability Management, Data Loss Prevention (DLP)
- 5 years' experience in in risk identification, aggregation, analysis, and ranking
- Strong metrics and performance management background including data management and analysis.
- Ability to gain credibility and influence in a federated environment and diverse processes and partner with groups across divisions to get visibility to key technology risks.
- Very strong interpersonal and communication skills; ability to communicate with and present to people in wide variety of areas and at various levels from technical specialists and business partners to senior executives.
- Strong knowledge in IT and operational risk management processes, methods, and tools
- Strong knowledge of technology standards, risks, threats, prevention measures, and best practices.
- Good Technical knowledge and experience covering the operating systems (e.g. Unix, Windows, zOS,) and database systems (e.g. Oracle, SQL Server, Sybase, DB2) and middleware (e.g. Tomcat, JBOSS, IIS)
- CRISC / CISSP / CISM / CISA or similar certification
Nice-to-have:- Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as NIST, COBIT, SOC2 reporting framework.
- Solid understanding of current / emerging technology.
- Working knowledge of modern technologies (e.g. Cloud, APIs, DevOps)
- Strong knowledge of technology standards, and best practices.
- Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.)
- Project management.
What is in it for you?- A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation.
- Ability to make a difference and lasting impact.
- Work in a dynamic, collaborative, progressive, and high-performing team.
- Opportunities to take on progressively greater accountabilities.
- A world-class training program in financial services.
Job SkillsCyber Operations, Cyber Risks, Cybersecurity, Cyber Security Management, Cybersecurity Risk Management, Decision Making, Detail-Oriented, Emerging Technologies, Encryption Software, Group Problem Solving, High Impact Communication, Information Security Management, Information Technology (IT) Risk, Information Technology Security, Key Risk Indicators, Leadership, Operational Risks, Risk Appetite, Risk Assessments, Risk Control, Risk Management, Risk Profile, Strategic Thinking
Additional Job DetailsAddress:20 KING ST W:TORONTO
City:Toronto
Country:Canada
Work hours/week:37.5
Employment Type:Full time
Platform:GROUP RISK MANAGEMENT
Job Type:Regular
Pay Type:Salaried
Posted Date:2026-05-20
Application Deadline:2026-06-05
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
