View all jobs
Risk Manager, Technology Risk-2026-61
Compensation: 70-80/hr
Position Title: Risk Manager, Technology Risk
Job Description:
In the capacity of IT Risk Manager, you will collaborate with the Senior Risk Manager to enhance operational resilience framework. Responsibilities include analyzing operational risk events, overseeing change management risks, and supporting control assessment and testing to validate the design, implementation, and operating effectiveness of key controls.
The successful candidate will support adoption of the OSFI E-21 Operational Risk and Operational Resilience guidelines for critical CXT operations, identify control gaps, document findings, and work with stakeholders on remediation plans, management action plans, and formal risk acceptance where required.
The role will also include developing governance guidelines, operational job aids, and performance dashboards, while integrating operational resilience and control testing activities into broader enterprise risk management programs.
Bachelor’s degree in Business, Information Systems, Accounting, Risk Management, or a related discipline is required.
Certifications
Position Title: Risk Manager, Technology Risk
Job Description:
In the capacity of IT Risk Manager, you will collaborate with the Senior Risk Manager to enhance operational resilience framework. Responsibilities include analyzing operational risk events, overseeing change management risks, and supporting control assessment and testing to validate the design, implementation, and operating effectiveness of key controls.
The successful candidate will support adoption of the OSFI E-21 Operational Risk and Operational Resilience guidelines for critical CXT operations, identify control gaps, document findings, and work with stakeholders on remediation plans, management action plans, and formal risk acceptance where required.
The role will also include developing governance guidelines, operational job aids, and performance dashboards, while integrating operational resilience and control testing activities into broader enterprise risk management programs.
- Direct the analysis of operational risk events to ensure the identification of root causes and the implementation of robust corrective and preventive measures, thereby mitigating the risk of future operational disruptions.
- Evaluate operational risk event impacts in accordance with criteria, ensuring all significant occurrences are reported as operational losses or near misses to fulfill regulatory reporting requirements.
- Review and authorize major IT changes by verifying risk assessments and approving stakeholder-vetted controls for implementation, testing, and contingency planning to ensure successful results.
- Plan, execute, and document control testing to assess the design and operating effectiveness of key controls, identify control gaps, and escalate deficiencies in a timely manner.
- Oversee root cause analysis for failed IT changes to develop preventive strategies and reduce future implementation failures.
- Facilitate OSFI E21 implementation by providing strategic oversight and expert guidance on critical operations mapping, setting disruption tolerances, and managing the development and testing of severe but plausible event scenarios.
- Validate technology and data risks against client appetite, documenting mitigation plans and facilitating formal risk acceptance when required.
- Enhance operational risk analysis, change oversight, and resilience initiatives. Ensure integration with enterprise programs like NIRAP, RCSA, and BCP (BIA, BCP, DRP), while aligning with Third-Party Risk, Cybersecurity, and Regulatory Risk Management.
- Monitor remediation for deficiencies in incident management, change management, or resilience management, ensuring timely resolution and thorough GRC documentation.
- Develop and report on key performance indicators and risk metrics to inform program maturity and decision-making.
- Coach and mentor team members to support development in risk management practices and professional growth.
- Minimum 5–7 years of experience in risk management, IT audit, regulatory compliance, or technology governance roles.
- Demonstrated expertise in control testing, regulatory compliance frameworks, and governance processes.
- Experience leading or supporting the implementation of OSFI Guidelines (e.g., OSFI E 21, B10, B13)
- Strong knowledge of risk management frameworks (e.g., COSO, COBIT, ISO 31000), and governance tools (e.g., Metricstream, Archer, ServiceNow GRC, or equivalent)..
- Exceptional analytical skills with the ability to synthesize complex information and develop clear, actionable insights.
- Strong written and verbal communication skills, with experience presenting findings and recommendations to senior leadership.
- Proficiency in leveraging automation, data analytics, or AI in support of operational resilience program enhancements is considered an asset.
Bachelor’s degree in Business, Information Systems, Accounting, Risk Management, or a related discipline is required.
Certifications
- One or more of the following designations strongly preferred:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Internal Auditor (CIA)
- Certified Risk Management Assurance (CRMA)
- Certified Information Systems Security Professional (CISSP)
- Strong ability to influence cross functionally, with experience presenting findings and recommendations to senior leadership and peers.
- Exceptional analytical skills with the ability to synthesize complex information and develop clear, actionable insights.
- Demonstrated expertise in control testing, regulatory compliance frameworks, and governance processes.
