Associate Director, Insider Risk Governance, Risk

**Job Summary**

**What is the opportunity?**

As we continue to evolve our enterprise Insider Risk (IR) program, the **Associate Director, Insider Risk Governance, Risk & Compliance (GRC)** will play a critical role in ensuring the program is governed with integrity, compliant with regulatory and internal standards.

This role leads the design and implementation of governance frameworks, processes, and controls that reduce insider risk exposure and enable sustainable program delivery. You’ll work closely with Insider risk leads and cross-functional stakeholders including Legal, Privacy, Compliance, Internal Audit, and Enterprise Risk to help manage and meet Standards.

This is a unique opportunity to shape an emerging function with global reach while providing critical risk intelligence and control assurance to protect data, people, and ongoing operational functions.

**What will you do?**
- ** Lead GRC Framework Development**:
Develop and implement a governance, risk, and compliance (GRC) framework focussing on insider risks while ensuring alignment with enterprise risk management, regulatory obligations, and corporate security strategies.
- ** Policy & Control Management**:
Create and maintain playbooks and procedural guidelines, ensuring they are consistently aligned with enterprise policy and standards, and applied and embedded across business functions.
- ** Risk Assessment & Mitigation**:
Work with insider risk and program teams to help assess and collaborate with key stakeholders to identify control gaps while tracking mitigations until resolved.
- ** Audit & Regulatory Engagement**:
Serve as the primary liaison for audit, regulatory, and control partners regarding the Insider Risk Program. Manage evidence collection, operations, reporting, remediation tracking and reviews of metrics and assessments.
- ** Compliance Oversight**:
Monitor adherence to relevant privacy, data protection, and cybersecurity regulations (e.g., ISO 27001, NIST, GDPR, OSFI B-16), ensuring timely updates to processes and documentation.
- ** Incident Management Support**:
Partner within and cross functional teams to ensure risk are tracked ensuring corrective actions, root cause analysis, and lessons learned are captured and implemented.
- ** Third-Party Risk Alignment**:
Work with Vendor Management and Supplier Risk functions to ensure insider risk requirements are incorporated into third-party oversight frameworks and contractual controls.

**What do you need to succeed?**

**Must-have**:

- 5+ years of experience in governance, risk, and compliance (GRC), within corporate security, operational risk, or cyber risk programs.
- Deep knowledge of risk management methodologies and compliance frameworks, such as ISO 27001, NIST, SOC 2, and GDPR.
- Experience in leading cross-functional governance initiatives and managing risk assessments in large, regulated organizations.
- Strong track record managing regulatory and audit engagements.
- Familiarity with enterprise-level GRC and supplier risk tools (e.g., Archer, ServiceNow, RSA, or similar).
- Excellent interpersonal, written, and verbal communication skills with the ability to engage and influence senior leaders.

**Nice-to-have**:

- Knowledge of insider risk domains, technologies, or behavioral analytics.
- Professional certifications such as CRISC, CISM, CISSP, CIPP, or PMP.
- Experience working in a matrixed organization with global teams and varied regulatory jurisdictions.
- Exposure to data analytics and reporting tools to support control monitoring and KPI tracking.

**What’s in it for you?**

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.
- A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
- Leaders who support your development through coaching and managing opportunities
- Ability to make a difference and lasting impact
- Work in a dynamic, collaborative, progressive, and high-performing team
- A world-class training program in financial services
- Flexible work/life balance options
- Opportunities to do challenging work

Li-Post

LI-Hybrid

**Job Skills**

Data Gathering Analysis, Effectiveness Measurement, Ethical Business, Fraud Management, Internal Controls, Long Term Planning, Process Management, Results-Oriented, Risk Management, Strategic Thinking

**Additional Job Details**

**Address**:
330 FRONT ST W:TORONTO

**City**:
TORONTO

**Country**:
Canada

**Work hours/week**:
37.5

**Employment Type**:
Full time

**Platform**:
TECHNOLOGY AND OPERATIONS

**Job Type**:
Regular

**Pay Type**:
Salaried

**Posted Date**:
2025-04-09

**Application Deadline**:
2025-04-30

**I**nclusion** and Equal Opportunity Employment**