Manager, Technology Governance – Controls

📋 Description

• Conduct information risk assessments in accordance with global methodologies, policies, and standards for both new and existing tools, technologies, and business sectors.

• Suggest new or improved security controls to enhance overall enterprise security.

• Work alongside developers, engineers, and support teams to implement and automate security controls, including cloud and container security within CI/CD pipelines.

• Execute and maintain Risk and Control Self-Assessments (RCSAs) by assessing control design and effectiveness, identifying gaps or emerging risks, and collaborating with Subject Matter Experts (SMEs) on remediation and documentation updates.

• Create and support corrective action plans for essential controls or measures where deficiencies are identified.

• Collaborate with ETS cloud, architecture, IT Asset Management, Infrastructure, Line 2, and control owners to ensure the effective execution of risk processes and alignment with enterprise governance standards.

• Partner with Line 3 Audit and SMEs to gather and validate evidence, coordinate audit responses, challenge findings, and monitor deliverables throughout the audit lifecycle.

• Oversee, manage, and enhance the organizational technology risk management program, including reporting the program status and key risk metrics.

• Review and keep current knowledge of Information Risk Standards and Technology Risk Policies.

⛳️ Requirements

• A minimum of 5 years of progressive experience in Technology Risk, Information Security, or IT Infrastructure/Architecture.

• Strong understanding of cybersecurity and technology risk domains, including risk assessment, incident response, network security, cloud security, and regulatory expectations.

• Familiarity with regulatory and industry frameworks such as OSFI B-13, NIST CSF, ISO 27001, CIS Controls, SOC 1/SOC 2, and Cyber/Tech Risk Management practices.

• Practical experience with platforms like Archer, Jira, Confluence, and ServiceNow.

• Strong understanding of cloud environments, with Azure required and AWS as a plus.

• A university degree in Computer Science, IT, Risk Management, or a related field; professional certifications (CISSP, CISA, CRISC, CISM) are preferred.

🏝️ Benefits

• Health insurance

• Dental insurance

• Mental health support

• Vision insurance

• Short- and long-term disability insurance

• Life and AD&D insurance coverage

• Adoption/surrogacy benefits

• Wellness benefits

• Employee/family assistance plans

• Retirement savings plans including pension and employer matching contributions

• Financial education and counseling resources

• Generous paid time off program including holidays and personal days