Director, IT Risk, Compliance

The Director, reporting to the VP of Information Security & CISO, will be responsible for designing and overseeing governance frameworks to proactively identify, assess, and manage technology risks. The director will also drive enterprise IT compliance and internal controls programs to safeguard our assets against threats and meet compliance obligations.

This is a high-impact leadership role that collaborates with executives, IT leaders, risk, audit, and compliance partners across the organization to enable a security risk-informed culture.

**The Director, IT Risk, Compliance & Security Assurance will**:
**IT Risk Management & Governance**:

- Lead, develop, and execute the IT risk management and governance frameworks
- Align IT risk governance with Enterprise Risk Management (ERM) programs
- Facilitate IT risk assessments, mitigation planning, and ongoing risk monitoring
- Maintain a centralized IT risk registry with defined ownership and remediation tracking
- Provide risk governance reporting to senior leadership and stakeholders

**IT Compliance & Security Assurance**:

- Oversee IT compliance with regulatory, contractual, and legal requirements
- Lead IT responses to audits, assessments, and reviews by regulators or third parties
- Manage the IT compliance certification program and stakeholder awareness
- Partner with Legal and Compliance teams to align requirements and remediation efforts

**Information Security Assurance**:

- Champion a formal security assurance program that includes control testing, evidence collection, gap analysis, and remediation
- Validate security controls aligned to industry frameworks such as ISO, NIST, and COBIT
- Partner with architecture and infrastructure teams to confirm control effectiveness
- Provide security assurance to third-party risk management and vendor due diligence

**Internal Controls Management**:

- Maintain IT internal controls framework and ensure alignment with policies and standards
- Implement and maintain security policies, standards, and control libraries across IT
- Partner with business and technology to conduct RCSAs and document identified risk

**Reporting & Governance Oversight**:

- Report on IT risk, compliance, and security assurance to executive leadership
- Support governance forums and committees with risk insights and recommendations
- Track and report on key performance indicators (KPIs) and key risk indicators (KRIs)

**Continuous Improvement & Professional Engagement**:

- Monitor emerging security threats and regulatory trends in IT risk and cybersecurity
- Engage with industry networks and professional groups to bring in best practices
- Foster a culture of continuous improvement, transparency, and accountability

**To be successful as a Director, IT Risk, Compliance & Security Assurance with People Corporation, you will need**:

- Leadership & influence: able to lead cross-functional teams and foster collaborations
- Governance & strategy: able to design and implement enterprise governance structures
- Execution & accountability: deliver results under pressure with competing priorities
- Communication: able to communicate effectively in both business and technology context
- Analytical judgment: drive action, assess risk, and guide strategic decisions
- Integrity: demonstrates high ethical standards and professionalism
- Degree or diploma in Information Security, Computer Science, or a related field
- Industry certifications such as: CGEIT, CISA, CISM, CISSP, CRISC
- Proven experience in IT risk, compliance, governance, and security assurance programs
- Strong knowledge of control frameworks (e.g., COBIT, ISO 27001/2, NIST, ITIL)

**What’s in it for you**:

- Learn by working alongside our experts
- Extended health care and dental benefits
- A retirement savings plan with company contributions
- A suite of Health & Wellness offerings
- Mental Health programs and support for you and your family
- Assistance for the completion of industry designations
- Competitive compensation

At People Corporation we are committed to helping businesses succeed. We are a national provider of benefits, retirement, wealth, wellness, and human resource solutions. Our experts and solutions serve over 20,000 clients representing nearly 3 million Canadians. We offer customized solutions designed to fit the unique needs of businesses and their employees, members and stakeholders.