• Director, IT Risk Management

    Job Post Start
    CA-ON-North York
    Information Risk Management - 1067
  • Job Description


    The Information Technology (IT) department manages the technology and computer infrastructure that drives Tangerine’s business systems.

    The IT department supports the organization in these critical areas: End-User Technical Support, Desktop Management, Network Management, Voice and Data Communications, Business and Web Applications and Strategic Technical Planning.

    Focus of the director:

    • Functional Area Performance Execution                               
    • People

    Reporting To:

    Direct: VP, IT Governance, Compliance and Security – Tangerine

    Dotted: VP, IT Risk (OCTO) – Scotia Bank

    Role Purpose

    Build robust IT Risk related controls and processes and ensure that controls are maintained and adhered to in the assigned IT portfolios.

    Support the IT Leadership Team to collaboratively assess, analyze and quantify IT risk, design controls and assist in their implementation within the business line. Part of a strategic and comprehensive IT Risk Management Function within the First Line of Defense (1B), ensures implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

    Role Accountabilities:

    • Advises and supports risk owners in day to day risk management activities and execution
    • Acts as a primary interface and conduit between the risk owners and other risk groups to lead the facilitation and execution of risk management activities.
    • Identifies, assesses, prioritizes and reports on material IT risks for IT and aligned business areas. This will require working with equivalent risk advisors in various business areas.
    • Assists risk owners in adhering to policies, frameworks, standards and guidelines through active engagement, guidance and counselling.
    • Performs control testing and monitoring (if applicable)
    • Advises on the design of controls and remediation plans to mitigate risk
    • Ensure that IT Risk assessments and outputs are recorded in enterprise tools and in full compliance of all policies and common standards, including the IT Risk Management Policy and Framework.
    • Partners with other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics and limits.
    • Identify pervasive IT risk issues or issues that are common across the landscape.
    • Ensures implementation of a strong IT risk culture in partnership with the risk owners.
    • Candidates require strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
    • Requires expert IT Risk management experience; systems design, security, availability, disaster recovery, third party risk management, change management, release management. Exposure to cloud controls would be an asset.
    • Good knowledge of multiple global businesses including related systems and procedures.
    • Good ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
    • Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through to implementation of strategies and programs.
    • Data Analytics and Visual dashboarding skills (PowerBI/Tableau) are desirable.
    • If individual is on the Executive Team (ET), the following accountability also applies: Delegated by the President and CEO the responsibility for overseeing the execution of the Regulatory Compliance Framework including the Anti-Money Laundering/Anti-Terrorist Financing and Sanctions Program at Tangerine as outlined in the Scotiabank Enterprise-wide Anti-Money Laundering/Anti-Terrorist Financing and Sanctions Policy.
    • Other duties as assigned.

    Minimum Qualifications:                                                                                                                                                  

    • Education/Experience
      • University or College Degree (BA/BS) or equivalent experience
      • Candidates should have a breadth of IT and Risk Management experience (Governance, Operations, Audits, Control Functions, Regulatory and Compliance) over 8 + years.
      • 5+ years of experience in a security-related area in a leadership capacity


    Working Conditions:                                 

    The Director, IT Risk Management will be working in a traditional office environment and may be subject to special working conditions as needed by the business. Special working conditions may cover a range of circumstances from regular evening and weekend work, overtime, shift work, working outdoors and/or working with challenging clients.


    Direct Reports:



    Disability Accommodation:

    Tangerine will make reasonable accommodations for the known physical or mental disabilities of an otherwise qualified employee or applicant for employment, unless undue hardship to Tangerine would result. Any applicant or employee who requires accommodation in order to perform the essential functions of a job should contact Human Resources or his or her supervisor.

    Managing Risk:

    All members of the Tangerine Team are responsible for managing risk and compliance within their departments. As such, employees should maintain and demonstrate the highest standards of integrity and ethical conduct in accordance with Tangerine policies, guidelines and directions.


    Tangerine is an equal opportunity employer.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed