Risk Senior Specialist, IT Risk & Compliance

You are as unique as your background experience and point of view. Here youll be encouraged empowered and challenged to be your best self. Youll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day youll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals families and communities around the world.

Job Description:

Role Summary

The Risk Senior Specialist IT Risk & Compliance will have accountability to support data quality risk reporting identification assessment and mitigation of IT risks across the Digital Business & Technology Solutions (DBTS) business group. The role will report to the Director Risk Management within a larger team that provides Governance Risk and Compliance services to Enterprise Services globally.

What will you do

Reporting and Governance

• Risk Control Self Assessments (RCSA): Assist with the identification evaluation and assessment of information technology risks through RCSA process across DBTS. Monitor and report on status of any mitigating action plans.
• Key Risk Indicators (KRI): Working alongside program lead on developing monthly/ quarterly reporting and ensuring DBTS KRIs are updated monitored and reported on.
• Support the development and maintenance of organizational reporting particularly as it pertains to supplier risk.
• Stakeholder Communication: Contribute to the quarterly risk committee report for DBTS executive team. Report regularly to senior leadership and other stakeholders on the current state of IT risks mitigation efforts and any new threats or vulnerabilities as needed.
• Collaboration: Work closely with Sun Life second-line risk teams to ensure a comprehensive view of IT risks across the enterprise.
• Operational Risk Events (ORE):Working alongside program lead to ensure that operational risk events are reported tracked actioned and closed.

Technology

• Day to day management of the Governance Risk and Compliance tool used to support DBTS controls waivers and accepted risks. Ensure that the Corporate Risk systems are updated with relevant RCSA ORE and KRI data.
• Create maintain and recommend automation tools to enable risk control and process information to support risk management processes.

Business Partner Relationship Management

• Assist in facilitating supplier risk processes (e.g. risk reviews continuous improvement etc.)
• Provide guidance internally on the requirements of various risk programs.
• Provide guidance and support for all organizational supplier governance risk and management requirements.

What you need to succeed:

• University degree in business computer science or general ITCyber security related.
• 3-5 years of experience in reporting and data analysis.
• 3-5 years experience in risk and supplier management.
• Strong background in IT security governance compliance and risk management frameworks.
• Advanced Excel skills (macros V-lookup & Pivot tables)
• Professional certifications such as CISSP CISM CRISC or other relevant certifications are assets.

Preferred Skills:

• Good understanding of supplier risk records management business continuity privacy and information management
• Strong verbal and written communications skills - must have the ability effectively present
• Strong consulting and relationship management skills recommendations
• Strong aptitude towards process development and documentation
• Strong client service orientationac
• Excellent interpersonal skills
• Extensive knowledge of IT risk management cybersecurity principles and compliance standards.
• Experience in crisis management and incident response.
• Familiarity with risk management frameworks such as NIST ISO 27001 COBIT and ITIL.
• Experience with insurance banking or other financial services environments is preferred.
• Experience with ServiceNow and RSA Archer is an asset
• Excellent communication and interpersonal skills with the ability to communicate complex technical concepts to non-technical stakeholders.
• Strong analytical problem-solving and decision-making skills.

Work Environment

• Ability to work in a fast-paced evolving environment.
• Flexible work hours may be necessary during periods of critical incidents or project deadlines.
• We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Job Category:

Posting End Date: