We are seeking a Manager, Technology Risk & Controls, to lead governance, monitoring, and reporting across assigned Technology portfolios. This role focuses on developing actionable risk and security insights through structured risk profiling.

Reporting to the Director, this first line (1B) role acts as a trusted advisor, translating complex risk data into clear, actionable insights that inform senior leadership decisions, support business objectives, and strengthen the organization’s Information Security & Technology Risk (ISTR) posture.

Key responsibilities include, but are not limited to:

• Own and deliver portfolio-level risk profiles by consolidating risk and security insights across assets, initiatives, and key domains, including Cyber/Information Security, Technology Operations, and Technology Delivery.

• Develop and maintain standardized, executive-ready risk reporting, including KRIs/KPIs, thematic risk views, issue trends, policy exceptions, and control health indicators.

• Drive end-to-end governance of portfolio risk reporting, ensuring data quality, integrity, and consistency across inputs from multiple stakeholders and process owners.

• Partner with technology process owners, data owners, and delivery teams to ensure timely, accurate, and complete inputs into risk reporting.

• Act as a central coordination point across Technology, ISTR, Audit, and second line of defense (2LOD) functions, ensuring alignment and a consistent risk narrative.

• Engage with 2LOD oversight functions to incorporate independent challenge and regulatory expectations into reporting outputs.

• Collaborate with SMEs across CIO and CISO organizations to align risk reporting with enterprise priorities and emerging risk themes.

• Present portfolio risk posture, key themes, and emerging risks to senior leadership, demonstrating strong executive presence and influencing decision-making.

• Provide effective review and challenge of risk inputs (e.g., issues, audit findings, control statements) to ensure accuracy and completeness in executive reporting.

• Continuously enhance reporting capabilities through automation, visualization, and improved storytelling.

• Promote a transparent, risk-aware culture by improving visibility and understanding of technology and information security risks.

• Assist with internal policy risk assessments to ensure compliance with standards and regulations.

• Assist with internal, external and regulatory audit responses, including stakeholder engagement and evidence collection

What You Will Bring:

• 8–10 years of experience in financial services or another regulated industry.

• 8–10 years of progressive experience in technology risk, information security, regulatory compliance, or IT governance.

• 3–5+ years of leadership experience (preferred).

• Bachelor's degree in computer science, Information Systems, Engineering, or related field, or equivalent experience.

• Strong understanding of technology risk, information security, Enterprise Risk Management framework, and regulatory requirements (e.g., OSFI, CIRO), as well as industry standards (COBIT, NIST, ISO, SOC 2).

• Proven ability to analyze and translate risks in a business context.

• Demonstrated continuous improvement mindset.

• Excellent written and verbal communication skills.

• Strong stakeholder management skills, with the ability to influence and build consensus.

• Intellectual curiosity and commitment to ongoing learning in technology and risk governance.

• Understanding of large enterprise operating models in regulated environments.

• Understanding PowerBI and automation tools or platforms would be an asset.

• Preferred certifications: CISA, CRISC, CISM, or CISSP.

• Experience with GRC tools (e.g., ServiceNow IRM, MetricStream).