Director, Technology Risk
Greater Toronto Area, ON, Canada
Mackenzie Investments
Job Description
Grade: P9
Referral Level: Level 1
Division: IGM Risk, Audit & Sustainability
IGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $271 billion in total assets under management. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments.
Under IGM Financial’s unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967. Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support.
At Mackenzie Investments You Can Build Your Career with Confidence.
We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians. We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.
Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities. We are dedicated to offering a hybrid work environment when applicable.
Mackenzie Investments is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.
Department Summary
The Risk Management (“Risk”) Function partners with the business to create a risk engaged culture, provide insights to mitigate threats and seize opportunities, and assesses the company's risk landscape relative to stakeholder expectations. Responsible for the second line oversight of financial, non-financial, strategic and business risk management across the IGM group of companies, the Risk Function also has responsibility for Corporate Sustainability, CSOX and Insurance programs and administrative oversight of IGM Financial’s internal audit function.
Position
The Director, Technology Risk Management (TRM) is responsible for delivering the second line of defence TRM program and overseeing risk management activities conducted by the 1st line of defence related to technology risks. This position reports to the AVP, Technology Risk, and is part of the broader risk management team under the leadership of IGM’s EVP and Chief Risk Officer.
As a valued member of our team, you will work with a team of risk professionals to ensure the company executes technology risk management activities in a structured and consistent manner. This approach will align with the company’s risk management and risk appetite frameworks, including the identification, measurement, management, monitoring and reporting of technology risks. You will leverage your strong communication and interpersonal skills to build and sustain strong relationships, positioning yourself as a valued partner who offers sound guidance and demonstrates a deep understanding of the technology and business environment. This is a highly leveraged role within a growing team, and you will be a key part in advancing the maturity of technology risk management in the company.
Responsibilities
- Oversight and Effective Challenge: Provide second line challenge and oversight duties in crucial technology risk domains, including Information Security, Data Governance, and Information Technology Solutions & Availability
- Risk Culture: Foster a strong risk culture within the organization, closely collaborating with operational units, business leaders, and senior management to build strong, collaborative and trusting relationships
- Risk Identification: Lead independent assessment and oversight activities, leveraging a range of risk management and identification techniques (e.g. RCSA, thematic reviews, control testing, risk treatment decision challenges) to evaluate the design and effectiveness of first line controls and processes.
- Risk Profiling: Maintain a strong understanding of the company’s technology control environment, ensuring the effective conduct of risk assessments for internal controls and operational practices.
- Strategy: Contribute to the development and execution of the second line TRM strategy and program.
- Capabilities Development: Actively participate in and contribute to the development of changes in TRM’s perspective and context, enhancing Risk framework methodology, KRIs, and reporting on top and evolving risks.
- Implementation: Champion the evolution and execution of the company’s risk management framework and risk appetite framework, working closely with stakeholders across the three lines of defence. Focus on standardization and continuous improvement to elevate the organization's risk management maturity.
- Process Enhancement: Collaborate with other lines of defense to identify areas for control improvement and oversee corrective action plans. Provide expert guidance on risk management services and assessment of information and technology risks, using established control frameworks.
- Knowledge and Expertise: Stay abreast of emerging information and technology risks, new regulations, laws, and technology requirements, supporting the Risk function to be a trusted source of expertise on technology risk related matters
Core Competency Requirements
- Technology risk leader, who is hands-on, proactive and demonstrates a strong, collaborative, team first mentality.
- Ability to form independent technology risk views, respectfully challenge business unit’s technology risk assessments and mitigations/control activities and creatively develop approaches and solutions for complex issues.
- Advanced knowledge of risk management and governance frameworks, standards and methodologies (e.g. COSO, ISO31000, NIST RMF, COBIT, ITIL)
- Advanced knowledge of technology risk concepts including cross industry frameworks (e.g. NIST CSF, CIS, CCM, ISO 27001/27002/27018, OWASP, SANS, NIST 800-53, AICPA SOC 1 & 2, DCAM)
- Advanced knowledge of risk/control identification, control testing, audit sampling techniques
- Exceptional verbal and written communication skills, in particular, the ability to produce value-driven, clear, concise and high impact reporting for consumption by executive management, board and audit committees.
- Strong leadership and decision-making skills.
- Exceptional communication, consulting, and influencing abilities.
- Superior presentation and facilitation skills for various audiences.
- Strong team player with excellent collaboration and problem-solving skills.
- Effective time management and organizational capabilities to manage multiple tasks and changing priorities.
- Knowledge of regulatory environments and industry best practices.
- Familiarity with IT Assurance, IT audit, information security, risk management, and compliance.
Experience Requirements
- 10+ years of experience in technology risk and/or technology audit role with a strong technical background.
- Strong core foundation experience in fundamental cloud technologies and services.
- Education at the bachelor level in Computer Science or equivalent technology risk related experience.
- One or more industry recognized information professional designations (e.g. ISACA Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), ISC Certified Information Systems Security Professional (CISSP)).
- Extensive experience with building and reporting on Key Performance Indicators (KPI), Key Risk Indicators (KRI) and establishing thresholds with corrective actions.
- Excellent understanding of information security concepts, protocols, industry best practices and strategies.
- A strong understanding of the business impact of security tools, technologies, and policies.
- Experience working with stakeholders from across the organization including security information and IT risk, legal, audit, fraud investigation and compliance staff.
- Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment.
- Superior leadership, collaboration, and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment.
- IT Audit experience in the Financial Services industry would be an asset.
Please visit our career page by clicking on the following link: https://www.mackenzieinvestments.com/en/careers
We thank all applicants for their interest in Mackenzie Investments; however, only those candidates selected for an interview will be contacted.
Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.
Please apply by February 17, 2025.