Senior Manager, Global Monitoring

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Job description (heading) /  Description du poste (titre)

This role will support the second line Technology & Cyber challenge activities globally, including maintaining a relationship with our Business Group Risk Teams focused upon monitoring Process and Control effectiveness.

Key areas of focus will be:

• Shifting from a reactive challenge approach to one that is proactive, embedded with first line leadership and able to provide real-time challenge across key initiatives and processes, such as Incident Management.
• Ensuring that challenge processes and artifacts provide management with the appropriate insight to provide ET and Boards with the required assurance as to Sun Life's Technology & Cyber Risk Management (TCRM) practices and risk posture vs. our risk appetite.
• Ensuring that the TCRM challenge function keeps up with the rapidly evolving external threat environment and increasing regulatory expectations.
   

Preferred skills (heading) / Compétences particulières (titre)

• This role will support a global, offshore second line of defence monitoring function. Activities will require challenging a range of topics including policy compliance, risk decisions, and the judgement and decisions of management, up to the AVP level. Key concerns will be escalated to the Director, Global Monitoring and the AVP, Technology Governance & Change Initiatives.
• University degree with 3-6 years of experience or high school diploma with 6-10 years of experience or an equivalent combination of education and experience; will have typically completed professional designations.
• Information Technology / security professional certification, such as ITIL, CISSP, CISM, or CISA or Audit certification with appropriate work experience.
• In-depth understanding of the risk management life cycle, which include risk identification, risk assessment, risk response and reporting, and risk monitoring and review.
• In-depth understanding of global technology & information management standards and requirements (e.g., regulatory) and industry best practices, including the NIST Cyber Security Framework.
• In-depth understanding of first line of defence information processes (e.g., risk management, change, problem & incident management), controls, and systems at Sun Life is an asset.
• In-depth understanding and direct experience with the execution of:
• -- RCSAs
• -- Operational Risk Events or their external equivalent
• -- Key Risk Indicators
• -- Scenario Analysis
• -- Control Design and Operating Effectiveness Assessment
• -- Control Testing and Substantive Testing
   
• Effective presentation, communication, negotiation, and conflict management skills.
• Strong relationship management skills and a proven ability to gain and maintain credibility with key front-line stakeholders.
• Effective change management, through strong impact and influence skills.

Qualifications (heading) / Compétences (titre)

• University degree with 3-6 years of experience or high school diploma with 6-10 years of experience or an equivalent combination of education and experience; will have typically completed professional designations.
• Information Technology / security professional certification, such as ITIL, CISSP, CISM, or CISA or Audit certification with appropriate work experience.
   

Responsibilities (heading) / Responsabilités (titre)

• Deliver activities commensurate with a global second line of defense control and process monitoring function. Comply with required process, policy and where appropriate Operating Guidelines which set out the monitoring mandates, practices, and day-to-day operating processes.

• Execute processes to independently define an annual monitoring schedule, obtain populations and extract samples for periodic monitoring / testing. Deliver appropriate monitoring and reporting aligned with declared processes. Prepare periodic reporting to a range of forums and committees at both Business Unit and Business Group level.

• Execute sample monitoring / testing against a broad range of controls as determined by defined schedule and/or ad-hoc request, determine design effectiveness and operating effectiveness. Provide monitoring results and pragmatic, risk-based recommendations to first line teams.

• Assist in quarterly reporting to the Operational Risk and Compliance Committee (ORCC) and Risk Review Committee (RC) on Sun Life’s risk profile.
• Assist in annual reporting to the Risk Committee on the enterprise-wide state of compliance with the Technology Risk, Information Management Risk and Security Risk Policies.

Job Category:

Posting End Date: