AVP, IT Compliance Risk and Audit

Job Location

Chicago, IL - USA

Yearly Salary

$ 152000 - 242000

Vacancy

1 Vacancy

Job Description

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

The AVP Global IT Compliance Risk and Audit role leads the execution of our technology risk strategy globally. This senior leadership role is responsible for aligning regional risk practices with global frameworks, ensuring regulatory compliance, and driving continuous improvement in risk posture through automation, governance, and cross-functional collaboration.

Demonstrates Technology risk management, regulatory engagement, and control assurance, with a proven ability to influence and hold senior stakeholders accountable and lead through change in a complex global environment.

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

  • Serves as the senior global authority on technology risk and compliance, representing the local regions in global risk forums and regulatory engagements.

  • Provides and guides strategic direction to senior technology and business leaders on risk implications of technology initiatives and transformation programs.

  • Leads the regional implementation of the global PRC (Process Risk Control) framework, ensuring alignment with enterprise risk appetite and regulatory expectations. Partners with the global GRC team to ensure timely and effective implementation of risk and compliance changes.

  • Oversees regional Technology risk assessments, mitigation strategies, and risk profiling across infrastructure, applications, and business processes.

  • Ensures adherence to cybersecurity frameworks (e.g., ISO 27001, NIST, CIS) and regulatory mandates (e.g., SOX, GDPR, OSFI, DORA).

  • Understands changes to the regulatory landscape for the regions and communicates such changes globally, creating awareness and leading required implementation. Ensures regions identify any control gaps and collaborate with the global team to address and implement controls.

  • Leads the continuous monitoring of technology controls and real-time reporting of deficiencies.

  • Drives the adoption of GRC platforms (e.g., ServiceNow) within all regions to enhance visibility and operational efficiency. Drives automation of compliance workflows and control testing to reduce manual effort and increase assurance coverage.

  • Coordinates and liaises with the global team to ensure audit readiness and execution for internal and external audits, acting as the primary liaison with auditors and regulators for the regions. Ensures timely and accurate reporting on control effectiveness, remediation progress, and regulatory compliance metrics for the regions.

  • Directs regional efforts to identify and remediate End-of-Life (EOL) and End-of-Support (EOS) technology assets. Collaborates with global and regional infrastructure and application teams to manage lifecycle risks and reduce technical debt.

  • Domestic and international travel expectations: 20%

  • May perform additional duties as assigned.

Reporting Relationship: Typically reports to VP and above

Skills, Knowledge & Abilities

  • Deep knowledge of Technology risk frameworks (e.g., NIST, ISO 27001), regulatory standards (e.g., SOX, GDPR, DORA, OSFI, PIPEDA), and audit practices.

  • Strong executive presence with the ability to influence and communicate effectively at all levels of the organization.

  • Experience with GRC platforms (preferably ServiceNow IRM) and control automation technologies.

  • Proven experience with Technology Governance and risk functions, with a focus on identifying, assessing, and mitigating Technology risks within a corporate environment.

  • Experience in collaborating with cross-functional teams, including Technology, security, compliance, and business units, to drive risk management initiatives.

  • Experience with technology process risk and control frameworks.


Education & Experience

  • Bachelor's or master's degree in Information Technology, Cybersecurity, Risk Management, or a related field.

  • 10 years of progressive experience in technology risk, Technology governance, or cybersecurity leadership roles.

  • Demonstrated success in leading regional or global risk programs within a complex regulated enterprise.

  • Technology Risk and Compliance, Audit, or Quality certifications preferred (e.g., CISSP, CISM, CISA, CIA, CRISC, CGEIT, CIAC, ISO, etc.).

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York, and Washington the national base pay range for this job level is $152000 to $242000 determinations are based on various factors, including but not limited to relevant work experience, skills, certifications, and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical, financial, emotional, and social wellbeing goals. For a detailed look at CNA's benefits please visit.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation please contact


Required Experience:

Exec

Employment Type

Full-Time
