Manager, Technology Risk Management

Purpose of Job
The Manager, Technology Risk Management supports the development and ongoing execution of a strong technology risk management program across Equitable Bank and provides independent oversight and effective challenge (as the second line of defense) to ensure the Bank operates within its established technology risk appetite.

Main Activities:

• The Manager, Technology Risk Management role is being created to strengthen and advance the Bank’s technology risk practices, aligned with regulatory expectations including OSFI’s B-13, CSSA and E-21 guidelines. This role will also play a key part in integrated risk management by fostering alignment across related domains such as operational resiliency, business continuity, change management and third-party risk.

Technology Risk Identification & Assessment
• Lead and support the execution of risk identification and assessment processes such as Risk and Control Self-Assessments (RCSA) and New Initiative Risk Assessments (NIRA) across technology, cybersecurity, and data domains.
• Support the identification and management of emerging risk areas, including Artificial Intelligence (AI), ensuring associated risks are evaluated and addressed through appropriate governance mechanisms.
• Monitor technology risk exposures and perform investigations related to technology and cyber events; support root-cause analysis and track mitigation progress using the Governance, Risk, and Compliance (GRC) tool (Resolver).
• Review and challenge Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to validate accuracy, relevance, and emerging trends.

Control Testing & Risk Acceptance
• Lead the Bank’s control testing program to assess the design and operating effectiveness of key controls in technology and cyber environments.
• Support the identification and oversight of AI and data risk, and provide critical challenge to ensure alignment with regulatory expectations and evolving industry best practices.
• Manage and document risk acceptances, ensuring appropriate approvals are in place, residual risks are well understood and documented.

Governance & Oversight
• Support the continuous enhancement and implementation of technology-related policies, standards, and procedures.
• Collaborate with cross-functional stakeholders to support regulatory compliance efforts, including OSFI’s B-13, CSSA, and E-21 guidelines.
• Act as a key point of contact during internal audits, regulatory assessments, and other independent reviews related to technology and cyber risk.

Third-Party & Business Continuity Management
• Provide risk oversight of third-party technology service providers and material arrangements, and support reviews and assessments in collaboration with relevant stakeholders.
• Support activities related to Business Continuity Management (BCM) and Disaster Recovery (DR) programs, as required.

Knowledge/Skill Requirements:

• Undergraduate degree in technology, finance, economics, business administration or commerce.
• 5-8 years of experience in an information technology risk oversight role in a financial institution. Experience in a Technology Audit and Cloud Governance would be considered an asset.
• Technology Risk Management certifications such as CRISC, CISSP, CISM, CCSP or CISA would be considered an asset.
• Strong understanding of risk management, compliance matters, and corporate governance.
• Strong analytical and quantitative skills and problem-solving abilities. Strong attention to detail.
• Strong written and verbal communication skills coupled with meeting facilitation abilities and good presentation skills.
• Good organizational, project and time management skills to efficiently and independently deliver concurrent projects with competing priorities.
• Experienced in audit or sampling techniques and regulatory/legal requirements of financial institutions