Sr. Analyst, Operational Risk Management – IT & Cyber
500 Lake Shore Blvd W, Toronto, ON, Canada
President's Choice Financial
Referred applicants should not apply directly to this role.
All referred applicants must first be submitted through Workday by a current Loblaw Colleague.
Location:
500 Lake Shore Boulevard West, Toronto, Ontario, M5V 2V9
When you hire great people, great things can happen.
PC Financial offers unprecedented value to Canadians through payment products. We're a different kind of bank with a different type of team—we’re collaborative and supportive and have the freedom and responsibility to thrive. Our purpose is to make the everyday simple and better for our customers, and we strive to make every dollar worth more.
Proudly serving over 3 million customers, PC Financial continues to grow by offering payment solutions and services that reward our customers every day. As a subsidiary of Loblaws Company Inc., we share the CORE values of Care, Ownership, Respect and Excellence. We are dedicated to helping Canadians Live Life Well. Join us on our journey.
*Our hybrid model requires this role to be in office 4 days a week with flexible working hours at our Bathurst/Lakeshore location.*
Reporting to the Senior Manager, Operational Risk Management (ORM) - IT & Cyber Risk, we are currently looking for a Senior Analyst, ORM - IT & Cyber. In this second line of defence function, the successful candidate will independently review and constructively challenge how technology and cyber risks are managed by the first line of defence. In this role, the incumbent will also work with selected vendors and service providers to assess their technology and cyber security practices, identifying potential gaps and areas for improvement.
What You Will Do:
- Understand and support compliance of relevant regulatory requirements such as OSFI B13, OSFI E21 and OSFI B10 advisories and guidelines.
- Independently review Technology and Security Risk Assessments performed by the first line, challenging and identifying potential issues or improvements in the identification and assessment of risks and compensating controls.
- Conduct Risk & Control Assessments (RCA) to support first line in assessing key risks and testing controls to identify control gaps and develop recommendations for remediation.
- Track all outstanding audit, regulatory and oversight review issues, working with the first line of defence functions to ensure appropriate action plans are in place and on target. Validate effectiveness of remediation plans and actions to address risks and control gaps.
- Assist in conducting annual in-depth independent assessment of selected technologies and processes that are deemed high risk.
- Continuously work to identify risks and controls resulting from new technology and business initiatives.
- Assist in reporting and independent validation of risk appetite thresholds and key risk indicators.
- Support technology, cyber and operational resiliency initiatives such as OSFI E21, business impact analysis, business continuity and disaster recovery programs and cyber simulation exercises.
- Review impact assessments and root cause analysis of significant technology and security incidents. Identify associated risks and potential control issues.
- Support the vendor governance process, including conducting annual technology and cyber risk and control assessments of selected third parties, ongoing monitoring, site visits, contract reviews and due diligence.
- Participate in the continuous improvement of ORM policies and procedures to increase efficiencies and effectiveness, and to respond to emerging industry risk management oversight and regulatory requirements and best practices.
- Develop and manage relationships with internal and external stakeholders based on values of integrity, positivity, partnership and value to the business.
What You Will Need:
- College or University diploma or degree is required.
- 3 to 5 years' experience in assessing technology and security risks and testing controls, preferably in the financial services industry.
- Prior experience in risk-based roles such as consulting, internal audit, 1B and 2nd line would be an asset.
- Strong experience reviewing risks and controls in cloud environments (GCP, Azure, OCI) deployed using agile methodologies preferred.
- Professional certifications preferred: CISSP, CCSP, CCAK, CCSK, CISA, CRISC.
- Experience achieving compliance with regulatory requirements preferred. Knowledge of OSFI regulations such as B13, B10 and E21 would be an asset.
- Experience with GRC tools such as Resolver would be an asset.
- Strong communication skills (both oral and written); proven experience articulating security and risk-related concepts to all audiences, including senior executives.
- Ability to build positive relationships with stakeholders.
- Strong analytical and problem solving skills.
- Excellent time management skills and ability to work independently towards deadlines.
- Ability to distill complex ideas into succinct and clear summaries.
- Proficient in creating presentations and collaborating and communicating through the use of Microsoft Office products.
Come and join a winning team who demonstrates innovation, energy, creativity and vision. We recognize the importance of a diverse workforce and we therefore encourage applications from Aboriginal Peoples, women, members of a visible minority and persons with a disability. We thank all applicants for their interest; however, only those selected for an interview will be contacted.
Number of Openings:
1
PC Financial recognizes Canada's diversity as a source of national pride and strength. We have made it a priority to reflect our nation’s evolving diversity in the products we sell, the people we hire, and the culture we create in our organization. Accommodation is available upon request for applicants and colleagues with disabilities.
In addition, we believe that compliance with laws is about doing the right thing. Upholding the law is part of our Code of Conduct – it reinforces what our customers and stakeholders expect of us.
Please Note: If you have Employee Self Service (ESS) on Workday, apply to this job via the Workday application.
Tags: Agile Azure CCSK CCSP CISA CISSP Cloud Compliance CRISC GCP Governance Monitoring Risk assessment Risk management
Perks/benefits: Flex hours