Information Technology Program Manager

IT Program Manager – 3 (Trade Risk Assessments, Trade Risk Management and cyber security SME)

Location Address: 40 King Street W 11th Floor – onsite 3x/week

Contract Duration: 1 year

Possibility of extension and conversion to FTE

This role is crucial in fostering a robust risk culture and driving continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls. As part of the second line of defense, the Cybersecurity and IT Risk team provides Independent Risk Oversight (IRO) and challenge, and assists in developing methodologies, policies, processes, and tools to support the Cyber and IT Risk Management Framework.

Must Have Skills:

1. 5+ years of experience as a Program manager with IT risk management (e.g. Logical Access, Data Leakage, Disaster Recovery)

2. 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation

3. Demonstrated expertise in regulatory compliance, risk management frameworks, and industry best practices (e.g., NIST, ISO, FFIEC, GDPR)

4. Proficiency in data security, risk management & controls, security governance, data analytics, and analytical thinking, with a track record of implementing effective risk mitigation strategies

5. 2+ years of experience in IT Audit (eg. Application controls, pervasive controls, issue management)

Nice-To-Have Skills:

-Experience with Cybersecurity Risk Management

-FI experience (experience in big 4 consulting firms)

-Industry certifications (e.g. CISSP, CISA, CISM, CRISC)

-Advanced knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (COBIT)

Education: post-secondary degree/diploma in Computer Science, Computer Engineering, or related field

Best VS. Average Candidate:

• Strong understanding of IT risk management frameworks in a global banking environment.

• Able to convey complex concepts and ideas on issues requiring interpretation and opinion.

• Maintain in-depth knowledge of cyber and IT risks and controls across various information system architecture and engineering domains, such as data protection, application security, identity and access management, vulnerability management, change management, network security, endpoint security, logging and monitoring, and incident management. Stay actively engaged in the industry on the latest in cyber risk and emerging operational risks.

Candidate Review & Selection

1-2 rounds

1st – HM + Director – 45 mins – in-person (40 king street, 11th floor, meet candidates in lobby)

-IT risk/issue management assessment will be given during the interview (not a take home assignment)

2nd – HM + Director – 30 mins – MS Teams Video

Regards

Deepthi R

Sr. Technical Recruiter

‬