Manager, IT Risk

Questrade Financial Group (QFG) of Companies is committed to helping our customers become much more financially successful and secure.

We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, there are flexible working arrangements so you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at Questrade.

We’re looking for our next Manager, IT Risk & Governance Oversight. Could it be you?

Community Trust Company (CTC) is a member of the Questrade Group of Companies (QFG), which currently includes Questrade Inc., QuestEnterprise, Questrade Wealth Management Inc., CTC, Thinknsure Ltd., and Zolo Ventures Ltd.

What’s in it for you as an employee of QFG?

• Health & wellbeing resources and programs
• Paid vacation, personal, and sick days for work-life balance
• Competitive compensation and benefits packages
• Hybrid and flexible work arrangements
• Career growth and development opportunities
• Opportunities to contribute to community causes
• Work with diverse team members in an inclusive and collaborative environment
• What’s it like working as a Manager, IT Risk & Governance Oversight at Community Trust Company?

What’s it like working as a Manager, IT Risk & Governance Oversight at Community Trust Company?

Reporting to the Sr Manager – Operational Risk Management, the Manager - IT Risk & Governance Oversight will play a key role in monitoring the management of IT and Cyber related risks.

The responsibilities include working with the IT and Cybersecurity service providers, teams across the three lines of defence, and other stakeholders to design, implement and maintain an IT Risk Management Framework and associated processes that are aligned with CTC’s Enterprise Risk Management Framework and enterprise goals, and are conducive to the IT services management arrangements in place. The incumbent will assess IT controls, provide effective challenges to the first line activities, report regularly on quality performance and provide recommendations to enhance the overall security and resilience of the company's IT & Cyber Security posture.

While the successful candidate will operate as part of the Risk Management team. They will also be the subject matter expert on all IT & cyber areas and will be required to collaborate and provide guidance on the areas to the internal and external stakeholders, and service providers, when needed.

• In this role, responsibilities include but are not limited to:
• Develop and maintain the IT risk management framework, policies, and guidelines to ensure compliance with industry standards and regulatory frameworks.
• Collaborate with cross-functional teams to assess and evaluate IT and cyber controls, identify potential vulnerabilities, and recommend appropriate risk mitigation measures.
• Conduct periodic risk assessments and gap analyses to identify areas of technology risk exposure, such as cybersecurity threats, data breaches, system vulnerabilities, and compliance issues.
• Evaluate and manage third-party vendors and service providers to ensure they meet the institution's security requirements and standards.
• Monitor and review IT risk indicators, including Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), to identify emerging risks and provide timely challenge to the first line and reporting to senior management.
• Review, report and provide effective challenges to the status and performance of IT services and first line reporting.
• Collect, analyze and aggregate IT performance and risk metrics for reporting and internal control validation and attestation.
• Develop dashboards and other visualizations to present IT risk in various aspects of the business.
• Collaborate with other risk teams to provide IT risk evaluation and management support in their respective processes, such as due diligence process while onboarding a vendor etc.
• Stay up-to-date with industry best practices, regulatory requirements, and emerging trends in IT risk management to ensure the organization's risk mitigation strategies are effective and in line with industry standards.
• Collaborate with internal audit and other teams to support IT audits and regulatory findings, and regulatory compliance assessments, providing expertise on IT risk-related matters.
• Develop and deliver training programs and awareness campaigns to enhance the organization's IT risk management culture among employees.
• Assist in incident response and investigation activities related to IT risk incidents, ensuring appropriate actions are taken to prevent reoccurrence.
• Build and maintain effective relationships with key stakeholders, including IT teams, first and second line business units, and external partners, to promote a collaborative approach to IT risk management.
• Monitor, challenge and communicate key cybersecurity metrics.
• Report and advise senior management on risk levels and security posture.
• Apply expert knowledge of industry trends and quality assurance to help Community Trust improve its processes and efficiency of IT related oversight controls.

So are YOU our next Manager, IT Risk & Governance Oversight? You are if…

• A university/college degree in information technology, information security or related fields
• Minimum 5 years of experience in a similar role, preferably within the financial services industry
• Holds industry recognized certifications such as CRISC, CISA, CISM, CISSP, ISO 27K, or actively working towards them
• Experience in conducting maturity assessments, control assessments and control testing
• Experience and a good understanding of regulations related to card payments, such as PCI-DSS (good to have)
• Understanding of a broad set of industry best practices (COBIT, ITIL, NIST, ISO)
• Experience in working with an OSFI regulated entity
• Understanding of applicable Canadian regulations
• Strong understanding of identity and access management systems and controls
• Good written, oral and interpersonal communication skills and keen attention to detail

#LI-PD1 #LI-hybrid

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.