Sr. Director Technology Risk and Governance (6 month contract)

CA ON Toronto, Canada

HOOPP

The Healthcare of Ontario Pension Plan (HOOPP) provides a lifetime pension plan at retirement. We’re one of the largest defined benefit pension plans in Canada.


Why you’ll love working here:

  • high-performance, people-focused culture

  • our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves

  • learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth

  • membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security

  • competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, parental leave top-up, and a health spending account).

  • optional post-retirement health and dental benefits subsidized at 50%

  • yoga classes, meditation workshops, nutritional consultations, and wellness seminars

  • the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers

Job Summary

The Senior Director for Technology Governance, Risk and Compliance (GRC) sets the vision and strategy and provides direction, management and coordination of all IT GRC activities, aligned with the three lines of defense risk management model within the organization. This role resides within HOOPP’s Project Management Office and Governance (“PMO & Governance”) and reports directly to the VP, IT PMO and Governance. PMO & Governance is one of six groups within the Information Technology Division of HOOPP.

This role will direct and lead the establishment and maturity of the IT Risk Management landscape for the organization by delivering, optimizing, and maintaining HOOPP’s IT Risk Program in partnership with other divisions across the three lines of defense model. It involves leading multiple teams and remediation activities, or planning and executing projects, through effective management of a team of Directors and Sr. Managers who are accountable for the following streams:

  • IT Risk Management and Governance (including Disaster recovery)

  • IT Audit Programs, working closely with internal/external auditors, overseeing ITGC testing and remediation plans.

What you will do:

  • Set the vision and provide oversight, leadership and strategic direction for the development and execution of HOOPP’s IT Risk Programs (based on current and emerging risks) and manage key strategic relationships.

  • Monitor and report on the status of IT GRC strategies and plans.

  • Ensure effective collaboration with teams in the 3 Lines of Defense and maintain alignment across multiple technical and non-technical teams.

  • Provide leadership to test the design and operating effectiveness of Internal IT General Controls, overseeing the development of annual internal controls testing plans and resolution of deficiencies in a timely and effective manner.

  • Report to senior management on IT risk profile (and when applicable to the Board).

  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to current and emerging threats against HOOPP’s business.

  • Comprehensive knowledge of key risk imperatives, technology landscape, and emerging best practices in risk management.

  • As a change agent, you will lead significant organizational transformation initiatives and drive sustainable change within a complex, regulated financial institution.

  • Ensure IT risk initiatives are effectively implemented by collaborating with and gaining buy-in with stakeholders and leaders within IT and business teams across HOOPP.

  • Lead the development and execution of IT Risk Management training and awareness programs across IT and HOOPP

  • Lead the team in measuring and effectively reporting on IT’s Risk profile to various stakeholders such as IT leadership to support decision making.

  • Provide oversight on the management of remediation plans that result from design and/or operating effectiveness deficiencies.

  • Lead the development of KRIs (Key Risk Indicators) and other operational risk metrics for the IT division, communicating them effectively to HOOPP’s leaders, committees and the Board.

  • Bring visibility and transparency of IT risk program work and results and communicate business value of the program to the rest of the organization.

  • Oversee the development, review and revisions of technology-related policies, standards and guidelines in accordance with best practices, along with the development of respective training and awareness strategy to ensure that HOOPP understands its obligations under these documents.

  • Proficiency in leading the creation of policies, standards, controls and processes ensuring adherence to financial and regulatory requirements, such as FSRA (Financial Services Regulatory Authority), CDCC (Canadian Derivatives Clearing Corporation) and others across HOOPP including investment management

  • Minimizes the risk of non-compliance penalties for IT systems, allowing decision-makers to focus on investment strategies rather than regulatory disruptions

  • Assess and mitigate risks related to technology systems and digital tools supporting investment management and other divisions as needed

  • Contribute to the alignment of IT risk management strategies with the organization’s long-term objectives (including Investments) and growth plans

  • Ensures risk mitigation strategies directly support decision-makers in achieving HOOPP’s financial and operational goals

Skills and Experience Required:

  • Bachelor’s degree in Business, Accounting, Computer Science, Information System, Engineering.

  • A professional designation in accounting (CPA) or internal auditing (CIA)

  • 15+ years of experience in IT Governance, IT Risk & Compliance, IT Audit, external/internal audit, SOX 404/ NI 52-109 compliance and internal controls over financial reporting (ICFR), including IT risk and controls, in the financial services industry or public accounting with emphasis on pensions, private investments, real estate and capital markets.

  • A minimum of 8 years of management experience leading multiple teams/groups, managing performance/hiring, and managing capital budgets and expenses.

  • Strong knowledge of Capital and Private Markets, Investments, and related risk management/compliance/operations functions is a must-have.

  • Superior project management experience, along with experience building decks, dashboards, and reports to communicate and advise multiple audiences including but not limited to IT teams, IT Leadership and HOOPP’s Senior Management.

  • Expert knowledge of technology and risk management frameworks (such as ISO 27001, NIST, COSO and COBIT), leading compliance and risk assessments, designing controls, and overseeing mitigation projects.

  • High degree of motivation and commitment, initiative, methodical approach and organizational skills to manage priorities, multitask, and adapt to changes with accountability to deliver and lead high quality work end to end.

  • You have one or more of the following professional designations: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA). PMP certification is considered an asset.

  • Excellent verbal and written communication skills, especially communicating across all levels and cross functional teams both technical and non-technical.

  • Experience in developing and reporting performance and risk metrics, such as KPIs, KRIs, SLA reporting and dashboards for executive leadership teams.

  • Experience leading the development and review of IT governance documents such as policies, standards and procedures along with leading teams to design and operate internal IT controls and risk frameworks.

  • Experience with data analytics, visualization, and reporting software (e.g., PowerBI) is considered a plus. Experience with the ServiceNow GRC platform is preferred.

  • Knowledge of public cloud infrastructure (Azure and AWS) and Databases (SQL and ORACLE) is preferred.

  • Experience working in an agile environment (software development, infrastructure, and shared services).


Tags: Agile Analytics Audits AWS Azure CIA CISA CISM CISSP Cloud COBIT Compliance Computer Science CRISC Data Analytics Governance ISO 27001 KPIs NIST Oracle Risk assessment Risk management SOX SQL Strategy

Perks/benefits: Career development Fertility benefits Health care Parental leave Startup environment Team events Transparency Wellness Yoga

Region: North America
Country: Canada
