Qualifications
Responsibilities
Benefits
The Manager, Technology Risk & Controls leads the Technology Risk and Cybersecurity Assurance function within Internal Controls at Oxford. Reporting to the Senior Manager, Internal Controls, this role is accountable for establishing and operating the technology risk and cybersecurity assurance framework across the organization.
Operating in a dynamic environment, the Manager leads a team of Senior Analysts and is responsible for navigating ambiguity, building structure, and driving outcomes. The role partners with Technology, Operations, and business leadership to embed a strong control environment and enable risk-informed decision-making.
As a trusted advisor, the Manager is accountable for identifying, assessing, and mitigating technology risks across systems, infrastructure, OT, and third-party services, including oversight of IT General Controls (ITGCs) supporting financial and operational reporting.
You will be responsible for:
Technology Risk & Cybersecurity Assurance
Lead the development, implementation, and continuous enhancement of the Operational Technology Cybersecurity Framework, including maturity assessments across assets, systems, and applications
Oversee technology risk identification, assessment, and mitigation
Ensure appropriate cybersecurity controls and ITGCs are designed and operating effectively across internal teams and managed service providers
Drive timely remediation of risks, audit findings, and control deficiencies
Risk Management and Reporting
Own and maintain the Technology Risk Register aligned with enterprise risk standards
Define and monitor KRIs to assess risk exposure and control effectiveness
Perform thematic analysis to identify emerging risks, trends, and systemic control gaps across the technology landscape
Deliver executive-level technology risk reporting and insights to senior leadership and Operational Risk
Support Business Impact Analysis (BIA) and Business Continuity Planning (BCP) activities
Governance, Policies and Frameworks
Develop and continuously improve technology risk policies, standards, and procedures
Ensure alignment with enterprise frameworks and leading practices (NIST, ISO, COBIT, CIS)
Embed risk management into technology operations, projects, and delivery processes
Stakeholder Management, Advisory, and Assurance
Serve as a trusted advisor to Technology, Operations, and business leaders, providing risk-based guidance and fostering a strong risk-aware culture.
Lead internal and external technology risk, cybersecurity, and ITGC audits, including stakeholder coordination, assurance requests, response management, and deliverable quality review.
Drive accountability for the timely remediation of audit findings, control deficiencies, and key technology risks.
Represent Service Assurance in governance forums, steering committees, and cross-functional initiatives, influencing risk-informed decision-making aligned with business objectives.
Conduct targeted reviews of systems, processes, and controls to assess risk exposure, control effectiveness, and improvement opportunities.
Training, Awareness and Continuous Improvement
Lead cybersecurity and technology risk awareness initiatives, developing guidance and training to strengthen risk management and control practices.
Monitor regulatory developments and industry trends, ensuring frameworks, processes, and tools remain aligned with leading practices.
Drive continuous improvement by enhancing risk management capabilities, promoting proactive risk identification, and fostering a strong risk-aware culture.
Leadership and People Management
Lead, mentor, and develop a high-performing team, fostering a collaborative, accountable culture while building capability in technology risk, cybersecurity, and assurance.
Set clear expectations, manage priorities, and provide direction in complex or ambiguous situations to ensure the timely delivery of high-quality outcomes.
Required Skills & Experience
Degree in Business, Technology, Risk Management, Cybersecurity, or a related field, with 5–7 years of experience in technology risk, cybersecurity, internal controls, audit, or regulatory compliance.
Strong knowledge of technology risk management, cybersecurity principles, IT General Controls (ITGCs), and industry frameworks including NIST, ISO, COBIT, and CIS.
Proven experience leading teams, driving accountability, supporting internal and external audits, and operating effectively in professional services or Big 4 environments.
Excellent analytical, communication, and stakeholder management skills, with the ability to identify risks and control gaps, influence decision-making, and translate complex issues into actionable insights.
Experience leveraging automation and AI to enhance risk management and assurance processes.
Highly organized, proactive, and adaptable, with the ability to manage multiple priorities in a fast-paced environment and advanced proficiency in Excel, PowerPoint, and Word.
Preferred Skills & Experience
Relevant certifications preferred (CISA, CRISC, CISSP, CISM)
Experience with Resolver or similar GRC platforms strongly preferred
We believe that time together in the office is important for OMERS and Oxford, the strength of our employees, and the work we do for our pension members. Our hybrid work guideline requires teams to come to the office a minimum of 4 days per week.
This posting is for an existing vacancy.
The expected salary range for this position is $103,000.00 - $157,000.00 per year.
You may also be eligible to receive an annual Incentive Award pursuant to our Short-term Incentive plan and our Long-Term Incentive plan (if applicable), and to participate in our group benefits and retirement plans – details on these elements of compensation are included within OMERS & Oxford offer letters.
About OMERS Administration Corporation
Similar Jobs




More Jobs at OMERS Administration Corporation



More Information Technology Jobs

