Reporting to the Director of Information Technology Risk Management, the Senior IT Risk Analyst is a key contributor to the development and execution of an enterprise IT Risk Management Program.
As a 1B Line of Defence function, this role provides leadership and subject-matter expertise to assist Tangerine stakeholders in the identification, evaluation, treatment and monitoring of risks to the Bank’s data assets and the systems where information resides. In doing so, this role will contribute towards Tangerine’s business objectives and our stated purpose of helping clients live better lives by empowering them to make smarter financial decisions.
The role of Senior IT Risk Analyst is focused on three key functions:
IT Risk Governance
- Maintain the currency of Tangerine’s policies and standards for managing risks to its information assets and systems.
- Lead the development of Tangerine policies, standards and control requirements to align the Bank’s business objectives with the need to manage IT and security risks.
- Liaise with Scotiabank counterparts to identify evolving requirements; lead Tangerine’s efforts to implement and comply with parent control expectations.
- Monitor evolving industry best practices, regulatory and legislative requirements; identify potential relevance and impact to Tangerine; and recommend changes to Bank IT policies and standards where necessary.
- Provide 1st Line of Defence functions with ongoing guidance to support their implementation of, and compliance with, established IT and security requirements.
- Oversee processes to manage instances where Tangerine does not comply with established requirements.
- Ensure deviations and acceptance of IT risks are conducted, assessed, authorized and monitored appropriately.
- Report authorized IT deviations and acceptance of risks to Tangerine and Scotiabank leadership.
- Identify opportunities and initiate process changes to enhance Tangerine’s management of IT deviations and acceptance of risks.
IT Risk Consulting
- Provide direction to Tangerine’s leadership and functional teams to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
- Provide subject-matter expertise to direct 1st Line functions in their assessment of identified risks. Ensure evaluations (e.g., Threat-Risk Assessments, New Initiative Risk Assessments, Risk-Control Self-Assessments) are conducted in an objective and comprehensive manner.
- Communicate with Tangerine leaders and functional teams in a timely manner to provide insights and advance notification on external and internal factors that influence the Bank’s risk exposure and overall posture. This includes, for example, emerging cyber threats and IT vulnerabilities, and evolving regulatory requirements.
- Oversee and direct 1st Line functions’ management of IT and security risks associated with outsourcing. Where required, offer direction for the assessment, treatment and monitoring of risks, and inclusion of appropriate contractual security terms and conditions.
- Lead advocacy and the building of a positive culture for the management of IT and security risks. Deliver ongoing counsel to Tangerine leaders and functional team members to build IT risk awareness and acumen, communicating the business value of security and IT risk management practices.
IT Risk Reporting & Compliance Monitoring
- Lead the design, collection and socialization of qualitative and quantitative measurements that demonstrate Tangerine’s ability to manage IT risks within established tolerances.
- Establish, maintain and modify as required Tangerine’s IT key performance and key risk indicators (KPIs, KRIs).
- Oversee Tangerine’s alignment and ongoing submission to Scotiabank risk measurement mechanisms (e.g., Cyber Security Dashboard, IT Risk Dashboard, Risk Appetite Statement), providing Tangerine and Scotiabank leadership with insights into the Bank’s ability to manage IT risks.
- Lead dialogue with Tangerine’s management teams and enterprise risk forums to establish business context for IT risk metrics.
- Lead engagement with Tangerine’s 3rd Line of Defence function (e.g., Internal Audit) to influence the focus, scope and criteria for the testing of the Bank’s IT risk capabilities.
- College or University degree (BA/BS), or equivalent experience.
- 5+ years in a technology, cyber security, audit, corporate governance or risk management-related role.
- Working experience in the financial services industry.
- Strong knowledge of regulatory, legislative and industry requirements governing the management of technology systems and information (PIPEDA, OSFI, PCI-DSS, NIST, etc.).
- Strong communication and collaboration skills, as well as a strong team-oriented posture required.
- Strong analytical skills.
- Professional security designation an asset (CISSP, CRISC, CISM, etc.).
The Senior IT Risk Analyst will be working in a traditional office environment and may be subject to special working conditions as needed by the business. Special working conditions may cover a range of circumstances from regular evening and weekend work, working outdoors and/or working with challenging clients.
No. However, the role of Senior IT Risk Analyst will be expected to demonstrate leadership, and develop others by bringing positive energy, passion for the business and the discipline of IT risk management.
Tangerine will make reasonable accommodations for the known physical or mental disabilities of an otherwise qualified employee or applicant for employment, unless undue hardship to Tangerine would result. Any applicant or employee who requires accommodation in order to perform the essential functions of a job should contact Human Resources or his or her supervisor.
All members of the Tangerine Team are responsible for managing risk and compliance within their departments. As such, employees should maintain and demonstrate the highest standards of integrity and ethical conduct in accordance with Tangerine policies, guidelines and directions.
Tangerine is an equal opportunity employer.