What’s in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment
This job posting is for an existing vacancy.
We’re looking for our next Principal, IT & Cyber Governance, Risk and Control. Could It Be You?
The Principal, IT & Cyber Governance, Risk and Control is a senior, expert-level role in the IT & Cyber GRC team. The Principal has primary responsibility for managing Audit & Regulatory and Control Assurance activities, ensuring that technology and cyber operations meet rigorous internal policies and external compliance standards, notably SOC 2, SOC 1 and other key frameworks, as well as regulatory requirements (OSFI, CIRO, etc.). The role involves driving strategic framework implementation and spearheading complex risk and control assessments. A critical component is serving as the primary liaison for all audit and attestation engagements, and providing IT & Cyber GRC counsel to high-priority technology projects so that security controls are effective and compliance is maintained by design. This position requires in-depth knowledge of technology, cybersecurity, emerging threats and evolving regulatory requirements in order to proactively manage technology and cyber risk.
Need more details? Keep reading…
In this role, responsibilities include but are not limited to:
- Lead the continuous monitoring and coordination of control-evidence collection and assurance, leveraging automation and innovative GRC solutions to streamline these processes, while also spearheading complex, high-impact control risk assessments and assurance reviews for critical existing IT & Cyber processes and all new strategic initiatives.
- Drive the strategic design, implementation, and rigorous testing of technology and cybersecurity controls in close partnership with cross-functional teams to achieve and maintain compliance with target frameworks (e.g., SOC 2, SOC 1, OSFI B-13).
- Lead all regulatory compliance-related initiatives, including conducting formal gap assessments against control frameworks (e.g., SOC 1 and SOC 2 readiness, OSFI B-13, etc.) for new and existing policies and technologies.
- Manage and serve as the primary point of contact for all internal, external, and regulatory audit and attestation engagements, ensuring successful evidence submission and positive assurance outcomes.
- Take ownership of and execute complex, ad-hoc, high-priority activities that require immediate control implementation or assurance validation due to emerging threats or critical business needs.
- Maintain and actively apply a thorough, expert-level understanding of core GRC frameworks (SOC 2, ISO 27001, etc.) to strategically and effectively drive control implementation and assurance activities.
- Maintain expert subject-matter knowledge and awareness of new and pending legislative, legal, and statutory changes as they translate into new or updated control requirements across GRC frameworks.
- Act as a trusted advisor in technology and cyber projects and working groups, providing expert GRC counsel on best practices and mandatory requirements throughout the entire product development and deployment lifecycle.
So are YOU our next Principal, IT & Cyber Governance, Risk and Control? You are if you…
- Have 5 to 7 years of experience in Information Technology, Cyber Security, Internal Audit, Risk Management and/or Compliance in a financial institution.
- Have 3 to 5 years of hands-on information technology or security operations experience.
- Hold one or a combination of CISA, CRISC, CISM, CGEIT or equivalent.
- Have knowledge and experience working with data, security, compliance and privacy laws in the Canadian investment and banking industry.
- Have experience writing or updating IT and Security procedures.
- Have experience building key performance and key risk indicator dashboards for different management levels.
- Have experience with the assessment and review of SOC 1 and SOC 2 reports.
- Have knowledge of a broad set of industry best practices (COBIT, ITIL, NIST CSF, Cloud CSC, Agile/SAFe, PCI DSS, etc.).
- Have exposure to financial industry business processes.
- Have exposure to enterprise and operational risk principles and practices.
- Have exposure to risk scenario analysis, risk quantification and loss event modeling.
- Have experience using compliance automation tools.
Attributes
- Strong written and oral communication and interpersonal skills.
- Ability to communicate with individuals at all levels of the organization.
- Highly curious, self-motivated and self-directed.
- Project management proficiency.
- Proven Governance, Risk and Control knowledge.
- Strong attention to detail and proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Experience working both independently and in a team-oriented, collaborative environment.
- Ability to conduct research and present insights succinctly.
Compensation Information:
- Base salary range: $115,000 - $135,000
- The final compensation package will be commensurate with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.
Sounds like you? Click below to apply!
#LI-Hybrid #LI-JW1