Director, Governance, Risk, and Compliance

Toronto, Ontario, Canada

Aviso Wealth

Aviso powers businesses that empower investors. Learn more about Aviso’s comprehensive range of investment and wealth management solutions.


Aviso Wealth:

At Aviso, we are dedicated to improving the financial well-being of Canadians. As a leading wealth management organization, we are committed to leadership, innovation, partnership, responsibility, and community. Working with talented and energetic professionals who exemplify our values every day, you will quickly notice that our people and dynamic ‘oneaviso’ culture set us apart. If you are looking for interesting and challenging work, at a company committed to its people, find out more about what Aviso has to offer at www.aviso.ca.

The Opportunity:

We’re looking for a Director, Governance, Risk, and Compliance (GRC) to join our Technology Security team.

Reporting to the VP, Technology Security, the Director, Governance, Risk, and Compliance (GRC) is responsible for leading the organization’s efforts in managing risk, ensuring compliance with regulatory requirements, overseeing the awareness programs, and maintaining a robust governance framework. The successful candidate will lead efforts to assess and manage risks, develop security metrics, ensure regulatory compliance, and drive security awareness across the organization. This role requires extensive experience with the NIST Cybersecurity Framework (CSF) and ISO 27001 standards to enhance the organization's security posture and align with regulatory requirements, industry standards and best practices.

Who you are:

  • Service – You consider both internal and external stakeholders and demonstrate intent of understanding and putting the clients’ needs first. You advocate service excellence and work to deliver solutions that meet the needs. You proactively develop strategic partnerships that allow Aviso Wealth to become a trusted advisor and partner
  • Execution – You are committed to achieving your goals and to succeed. This includes focusing on “getting things done”, as well as recognizing and taking advantage of opportunities as they arise. You are consistently looking for ways to improve your personal best and see value in continuous improvement. You take accountability for your actions and learn from mistakes
  • Collaboration – You work collaboratively with others with the common goal of driving positive results. Making meaningful contributions to your team to achieve organizational goals is a priority. You proactively encourage collaboration, build trust and inclusion, and work to establish effective relationships both inside and outside of the organization
  • Leadership – You lead your team and provide regular direction, guidance, coaching, and motivation, all while striving for peak performance. You assist them in overcoming obstacles through additional resources, removal of roadblocks, and providing the level of support required for their success. You delegate and deliver feedback based on the in-depth understanding of your individual team members

What your day looks like:

Governance:

  • Develop, lead, and maintain GRC strategies, policies, procedures, and standards
  • Ensure alignment of GRC strategies with business objectives and regulatory requirements
  • Lead the development and maintenance of the organization’s information security governance framework

Risk Management:

  • Develop and craft the overall cybersecurity risk and governance vision
  • Identify, assess, and prioritize cyber risks to the organization’s information assets
  • Develop and implement risk management strategies and mitigation plans. Ensure that cybersecurity risks are managed collaboratively with the business and decisions are made on a balanced risk-prioritized basis
  • Develop and maintain the enterprise-wide security risk register, ensuring risks are properly documented, prioritized, and mitigated
  • Build and develop a third-party cybersecurity risk management process to continuously assess the organization’s third parties from a cybersecurity perspective
  • Conduct regular risk assessments and audits, ensuring compliance with NIST CSF. Lead periodic self-assessments against the framework, along with independent third-party assessments

Compliance:

  • Develop, build and refine service metrics, KPIs and KRIs for cybersecurity risk and governance functions
  • Collaborate with the SOC team to manage security incidents and breaches, ensuring root cause analysis and corrective actions are completed
  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., PIPEDA, CIRO)
  • Implement and monitor controls to ensure adherence to NIST CSF. Oversee the organization’s NIST CSF certification process and maintain compliance with its requirements

Security Awareness and Training:

  • Design and conduct security awareness and training programs for employees on topics such as phishing and spear-phishing
  • Promote a culture of security awareness and compliance throughout the organization

Collaboration and Communication:

  • Work closely with IT, legal, and other departments to ensure comprehensive GRC practices
  • Communicate GRC issues and initiatives to senior management and the board of directors

Requirements

Your experience and skills:

  • Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s degree preferred)
  • A minimum of 10 years of experience in information security, with at least 5 years in a leadership role
  • Extensive experience with NIST CSF and ISO 27001 standards
  • Relevant certifications include CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor
  • Strong understanding of regulatory requirements and industry standards (e.g., NIST CSF, PIPEDA, ISO 27001)
  • Proven ability to develop and implement GRC strategies and programs
  • Excellent communication, leadership, and project management skills
  • Ability to work effectively in a fast-paced, dynamic environment
  • Experience with cloud environments preferred (Azure, AWS, Google)
  • Strong analytical and problem-solving skills
  • Ability to influence and collaborate with stakeholders at all levels of the organization
  • Fluent communication skills in English are required and bilingual French skills are an asset

Benefits

Why Aviso Wealth?

At Aviso Wealth, you will find a dynamic and inclusive culture that rewards innovation and celebrates success.
Here are a few things that set us apart:

  • Competitive compensation package that rewards and recognizes individual contributions
  • Excellent health, dental and insurance benefits to meet the diverse needs of our employees
  • Generous vacation time, fitness benefit, parental leave top-up options
  • Matching contributions to our retirement program
  • Commitment to the continuous improvement of our staff through learning & development and an education assistance program
  • Regular social events to foster teamwork

Equal Employment Opportunity

Aviso Wealth welcomes and encourages applications from all qualified individuals including persons with disabilities. If you require an accommodation, we will work with you to meet your needs in all stages of the hiring process.

We thank all applicants for their interest; however, only those selected for further consideration will be contacted.

No recruiters or agencies, please.

Company Overview:

Aviso is a leading wealth management and investment services provider for the Canadian financial industry, with over $130 billion in total assets under administration and management, and over 1,000 employees. We’re building a comprehensive, technology-enabled, client-centric wealth services ecosystem. Our clients include our partners, advisors, and investors. We’re a trusted partner for nearly all credit unions across Canada, in addition to a wide range of portfolio managers, investment dealers, insurance and trust companies, and introducing brokers. Our partners depend on Aviso for specific solutions that give them a competitive edge in a rapidly evolving, highly competitive industry. Our investment dealer and mutual fund dealer and our insurance services support thousands of investment advisors. Our asset manager, NEI Investments, specializes in investing responsibly. Our online brokerage, Qtrade Direct Investing®, empowers self-directed investors, and our fully automated investing service, Qtrade Guided Portfolios®, serves investors who prefer a hands-off approach. Aviso Correspondent Partners provides custodial and carrying broker services to a wide range of firms. We have offices in Toronto, Vancouver, Montreal, and Winnipeg. Aviso is backed by the collective strength of our owners: the credit union Centrals, Co-operators/CUMIS, and Desjardins. We’re proud to power businesses that empower investors.

A career with Aviso means being part of a group of talented, energetic professionals who live their values every day, and belonging to an organization dedicated to your success and career development. If you’re looking for interesting and challenging work, at a company committed to its people, apply to join our team.

Salary

This position is posted with an expected salary range of $145,000 - $175,000 CAD annually. Individual compensation packages are based on various factors unique to each candidate and the requirements of the position.


Tags: Audits AWS Azure CISM CISSP Cloud Compliance Computer Science CRISC Governance ISO 27001 KPIs NIST PIPEDA Risk assessment Risk management SOC

Perks/benefits: Career development Competitive pay Health care Parental leave Team events

Region: North America
Country: Canada
