Team Lead, Technology Risk and Control

Team Lead, Technology Risk and Control

Department: IT Security and Governance, Information Technology Operations and Security Division

Type: 12 Month-Contract

Location: Toronto (Hybrid)

Posting Date: February 9, 2026

At OPTrust, paying pensions today, preserving pensions for tomorrow is our mission and business.

When you choose OPTrust, you join a team of smart, talented people who fuel our success and have a passion for pensions. Everyone at OPTrust – in Toronto, London and Sydney – makes a meaningful impact. Our culture is driven by team members with different backgrounds and perspectives creating an inclusive and fulfilling place to work for everyone. We work in a fast-paced environment, but we find time to have fun and give back to the community.

What OPTrust Offers You

• Unique culture rooted in our core values – collaboration and teamwork, integrity, respect, flexibility, excellence and continuous improvement. 

• A purpose-driven environment where we all work towards the common goal of paying pensions today and preserving pensions for tomorrow. 

• A flexible, hybrid work model. 

• Benefits package after six months of consecutive employment.

• Optional membership in our world-class defined benefit pension plan. 

• A dedicated inclusion, diversity and equity strategy with meaningful opportunities to participate, including our employee-led resource groups. 

About the role

This role is responsible for Governance, Risk and Compliance (GRC) initiatives in ITOS division, including, developing and maintaining ITOS risk management processes, leading audit and compliance activities related to IT and security operations, and leading the ITOS Change Management process. The incumbent will develop and enhance IT General Control (ITGC) review programs, maintain and regularly review policies, procedures, process flows and documentation, identify internal control gaps that should be remediated, and monitor the remediation of control deficiencies.

What you'll do

Leadership and Governance

• Lead and mentor a small team, provide guidance and support, delegate tasks effectively, and conduct regular team meetings to discuss ongoing projects, share insights, and address any challenges or concerns.

• Propose and implement improvements to internal controls, collaborating with teams to align with IT and security processes, and contribute to the documentation of related processes and baseline standards.

• Leads the implementation, maintenance, and communication of the ITGC related policies, procedures, and programs, and performing ongoing reviews to be consistent with actual practices.

• Responsible for tracking all vendor agreements and documentation and the measurement of vendor performance against SLAs to ensure contractual terms are met and continuous improvement.

• Advises and educates others on internal controls and security procedures.

• Leads operational activities, communicates procedures and engages vendors where applicable.

• Prepares and delivers ITOS divisional performance reporting.

• Responsible for researching leading-edge technologies, technology standards and best practices to identify process improvement opportunities for the IT teams.

Audit and Compliance

• The point of contact between the external auditor and ITOS team, lead, plan, execute, and manage IT and security-related audit activities, collaborate with internal and external stakeholders including but not limited to collecting evidence, explaining business processes, performing audit test and proposing remediation action plans. 

• Leads, and conducts regular internal audits of information systems, applications, and IT processes, prepares working papers to document the work performed to ensure that appropriate controls exist, and that information produced by the system is accurate.

• Prepares reports and recommendations for management on the results of information systems audits.

IT and Security Risk Management

• Develop, implement, and maintain a comprehensive ITOS risk management process to identify, assess, and prioritize ITOS risks.  Collaborate with cross-functional teams to ensure that IT risk assessments and mitigation align with business objectives and regulatory requirements.

• Responsible for managing the technical risk database.

Change Management and Process Enhancement

• Leads the review, development, evaluation, maintenance and implementation of IT General Controls, and business controls in collaboration with the incumbent's manager to ensure the proper cadence and review are being adhered to as well as to ensure the controls are within corporate objectives and meet the government-mandated standards. 

• Implements the change management process, including organizing the Change Advisory Board (CAB) meetings, reviewing and analyzing Request for Change (RFC), communications, stakeholder engagement, business processes and training plans, identify risks, and devise contingency plans, as required.

• Works with internal ITOS managers to ensure agreed upon process controls are in place and functional as designed.

What you bring

• Post-secondary education in IT, Business Processes, Information Technology, or similar fields.

• Holds one or combination of professional designation in IT audit or IT risk management such as CRISC, CISA, CIA, CISSP.

• 5+ years of experience in IT Audit, IT Governance, IT General Controls, Application Controls and IT Risk Management.

• Demonstrated experience in leading and managing ITOS audit activities, IT risks and security risks management, change management, project management, IT governance, and compliance, specifically in developing IT. policies, procedures, and audit work programs.

• Knowledge of IT Governance, IT Audit, Cyber Security Operations, audit requirements, IT and security Standards, IT General Controls and Control Assessments.

• Knowledge of NIST CSF, IT Risk Management Framework, COBIT, COSO framework, SOC 2, ISO 27001 and ITIL Foundations would be an asset, Exposure to financial industry business processes, enterprise and operational risk principles and practices.

• Proven technical knowledge of IT platforms, ITGC and application control testing, networks, operating systems, databases, security, privacy and business applications.

• Deadline-driven and results-oriented, able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously.

• Demonstrated proficiency with document and records management software, preferably Content Server and Office 365 (e.g. OneDrive, PowerBI, SharePoint, Flow, Visio, PowerApps, Project).

• Proven understanding of the IT infrastructure and functions with exceptional data analytical, interpersonal and communication skills.

• Detail oriented and possess a practical problem-solving approach to everyday matters.

• Effective organizational skills and ability to establish priorities and meet deadlines.

• Knowledge of pension, finance and investment processes is an asset.

• Experience in policy and procedure development, process and workflow documentation, IT audits, change management, access management, or other IT operational activities with a focus on compliance and internal controls.

• Experience in auditing large enterprise IT implementations with knowledge of project methodologies, project controls and ability to effectively work with cross functional project teams.

• Exceptional written and oral communication skills.

• Exemplify OPTrust's values: collaboration and teamwork, integrity, respect, flexibility, excellence, and continuous improvement.

This posting is for an existing vacancy.

The range of expected compensation for this position is $125,456 to $154,517 per year.

Please submit your application via Workday by February 23, 2026.

Serving a membership as diverse as ours and investing in a global market means cultivating an environment that embraces inclusion, diversity, and equity in everything we do. OPTrust is an organization engaged in building on our unique and diverse strengths. We know a diversity of backgrounds, cultures, gender identities and perspectives are critical to achieving our shared goals.

If you require accommodation at any time during the recruitment process, please send a message to , or discuss your needs with the Talent Acquisition Consultant during the telephone screening. We will do our best to work with you and provide appropriate accommodation.

As an organization we're seeking ways to respond to the Truth and Reconciliation Commission of Canada's Call to Action 92. We are working with the Canadian Council for Indigenous Business to build bridges with Indigenous communities and partners, and we have created an employee-led Reconciliation Working Group that will work with Indigenous experts to identify a path to reconciliation for our organization.

We thank all interested applicants, however only those under consideration will be contacted.