Description

Grade: L10
Referral Level: Level 1
Division: IGM Technology

IGM Financial Inc. is one of Canada’s leading diversified wealth and asset management companies with approximately $271 billion in total assets under management. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments.

Under IGM Financial’s unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967. Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support.

At Mackenzie Investments You Can Build Your Career with Confidence.

We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians.

We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.

Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities. We are dedicated to offering a hybrid work environment when applicable.

Mackenzie Investments is a diverse workplace committed to doing business inclusively – this starts with having a representative workforce!
We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.

Role & Responsibility

The AVP, IT Risk is responsible for First Line of Defense for IGM with responsibility for planning, directing, controlling, identifying and managing the inherent operational risks in products, activities, processes and systems across IGM. This role sets the enterprise risk strategy and risk appetite and matures, expands and optimizes IGM’s information risk management capabilities while positioning the organization to be agile and ready to respond to ever-changing threat landscape and security risks. The AVP directs staff in execution of the risk strategy to ensure information and information technology risks are within acceptable levels.

Risk Strategy

- Responsible for designing, advising, supervising and coordinating the implementation, management and execution of the IGM IT security, risk and compliance framework
- Collaborate with the Executive Leadership team to develop an enterprise security vision and first line of defence strategy
- Develop and publish risk management policies and guidelines including third party risk assessments, penetration testing, vulnerability assessments and continuous monitoring
- Distill and report on issues to leadership and where applicable to 2nd Line of Defense Partners
- Lead discussions with 2nd Line partners about potential solutions to issues identified
- Partner with other members on the Governance and Control teams to assess business and regulatory risk
- Keep abreast of emerging issues, trends, and evolving regulatory requirements to identify new opportunities and assess potential impacts
- Ensure risk issues are identified, managed and reported per enterprise policy/guidelines and ensure appropriate escalation processes are followed

Execution and Operational Support

- Execute on First Line of Defense
- Support experts in the execution of the Agile and Waterfall project methodology across lines of business
- Provides guidance and expert advice into the management of application security risks, and influences the identification, measurement, and management of cyber security risk
- Support the successful launch of new initiatives by finding the right balance of governance and controls while ensuring activities are within IGM’s risk appetite and risk management policies
- Be the Subject Matter Expert/first point of contact for respective risk/control function responding in a timely manner to support project execution
- Provide guidance on detailed business requirements for projects to address regulatory requirements and expectations
- Work closely with Transformation delivery teams to provide support, guidance and analysis on business risk and regulatory compliance issues
- Support transparency with 2nd Line of Defense risk control partners through engagement, defined interaction model and issuance of processes, requirements and/or artifacts supporting their mandate of oversight and challenge
- Support for various risk functions within IGM
- Provide consultation and guidance for workstream leads to ensure full understanding of requirements and appropriate risk controls
- Work effectively with 2nd line partners to address issues and emerging risks on new initiatives
- Accountable for ensuring IGM can demonstrate that we are compliant with all relevant cyber security standards and regulations, and supporting and enabling our second and third lines of defense
- Develops and implements an IGM enterprise risk, security and compliance awareness and training program that fosters a culture of continual awareness, accountability and proactive behavior across IGM
- Uses various risk identification, measurement, management and monitoring tools such as Risk and Control Assessments (RCAs), Threat and Risk Assessments (TRAs), Privacy Impact Assessments (PIAs), scenarios, key risk indicators, event reporting, and incident reporting
- Gather metrics and ensure Information security incidents are identified, reported, mitigated and resolved in a timely, accurate and sustainable manner
- Take end to end ownership of cybersecurity owned programs and related activities including security policies, vendor risk and compliance management, regulatory audits, security awareness and training, security integration and assessment of M&A and related ventures
- Works with all levels of the organization to ensure understanding and implementation of IT Risk and Security policies and procedures, processes and controls
- Develop metrics, measurement methodologies, reporting and processes (including Key Risk Indicators) to consolidate, interpret and report enterprise risk information to senior management, Board, regulators and external ratings agencies
- Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies and drive its remediation efforts
- Selects and identifies the best risk assessment tools to support risk identification, risk impact assessment, risk prioritization and risk tracking in support of the second line of defense, compliance and audit standards, policies and guidelines
- Support ongoing socialization of risk initiatives

Qualifications

- 10+ years of progressively senior IT risk and compliance experience, with experience in top tier management consulting firms preferred
- Strong risk management expertise, with knowledge and experience managing strategic IT risks
- Experience developing financial and nonfinancial risk management methodologies, measures, control frameworks, policies, procedures, standards, guidelines and related processes
- Strong track record of successfully developing and executing risk methodologies in partnership with cross functional teams that achieve intended benefits
- Experience working with legal, audit and compliance staff
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 27001, National Institute of Standards and Technology (NIST) cybersecurity framework, Cloud Security Alliance Cloud Controls matrix and other leading-edge security frameworks
- A strong understanding of the business impact of security tools, technologies and policies
- One or more industry recognized information professional designations
- Knowledge of the Financial Services industry would be an asset
- Relevant certifications include:
  - Certified Information Systems Security Professional (CISSP)
  - CRISC – Certified in Risk and Information Systems Control

Soft Skills (AVP Roles)

Leadership:

- Attract and retain high caliber talent by recognizing organizational and individual needs
- Set vision and priorities for the team with clarity and confidence, effectively managing capacity and planning activities and ensuring staff are set up for success
- Influence staff in functions and business to achieve outcomes in a highly consultative and partnering manner
- Continually develop the overall capability of a diverse team and accurately appraise the strengths and development areas of the team through constructive feedback
- Strong leadership skills and the ability to work effectively with Executive and business partners, IT engineering and IT operations staff.
- Superior collaboration and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment
- Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
- Strong capabilities to develop and guide information security team members and IT operations personnel, and work with minimal supervision
- Strong desire to implement change and contribute to the organization

Relationship Management:

- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with senior management, the IT organization, project and application development teams, internal and external business partners and vendors
- The ability to interact with company personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- Proven ability to establish and build healthy working relations and partnerships with clients, vendors and peers
- Highly credible with senior executives while also able to connect and build trust-based relationships with stakeholders at all levels of an organization
- Gain commitment, trust and support from others and will be able to sell ideas inside and outside the organization

Influence & Focus:

- Ability to focus/align the organization around critical initiatives, best practices and guiding principles
- Exceptional influencing skills and ability to work transparently and cooperatively with the cross-functional teams, effectively engaging all pertinent stakeholders, both internal and external

Determination:

- The successful candidate will not be afraid to challenge the status quo
- Exhibit a mindset of creativity, determination, and an energetic drive to succeed
- Have a proven track record of setting and meeting aggressive goals and action plans, both as an individual and with a team

Versatility and Resilience:

- Able to oversee multiple projects and excel in a complex and evolving portfolio
- Demonstrate appropriate flexibility in all situations and will be comfortable with ambiguity, while pivoting from macro to micro issues, from shaping the technology, innovation, digital, and strategy agenda through to the day-to-day details of operations and compliance issues

Integrity:

- Adhere to the highest standards of personal and professional integrity and set a positive example for others

People Management:

- Provide leadership and effective management of staff
- Accountable to influence employee commitment to the organization, to the team, and to their job
- Set appropriate context when assigning work to link the employee’s work to organizational/business unit goals
- Lead and build a team and individual capabilities to ensure employees can perform to job requirements

Please visit our career page by clicking on the following link: https://www.mackenzieinvestments.com/en/careers

We thank all applicants for their interest in Mackenzie Investments; however, only those candidates selected for an interview will be contacted.

Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.