Position Title: Senior Manager, Data & Vendor Risk Department: Enterprise Risk Management Location: Toronto Status: Regular Full-time (Hybrid) Day in the life of: The Senior Manager, Data & Vendor Risk, manages second line oversight activities for Data, Vendor, and Information Security Risk. This role will initially serve as the business lead for the Data Lifecycle Management Program, aimed at refining data collection/retention and business practices to strengthen CIRO’s data risk profile. Longer-term responsibilities include managing risk assessment processes and providing recommendations to business functions across data governance, vendor engagement, and information security.

Core Responsibilities:

• Data Lifecyle Program Leadership
• Act as a key contributor and manage program components partnering with project management and cross-functional team leaders.
• Oversee program planning and execution, including updates to retention plans, process enhancements, and data deletion activities.
• Review and challenge business practices across the data lifecycle: collection, usage, maintenance, retention, and deletion.
• Evaluate and recommend improvements to data retention plans across data platforms (e.g., Outlook, shared/network files, internal/vendor applications)
• Data Risk Oversight
• Provide independent oversight of Data Management and Information Classification Policies and procedures, including recommending updates on an ongoing basis.
• Develop, implement, and monitor data risk oversight framework, including risk identification, assessment, and control validation.
• Contribute to the design and execution of independent testing of key processes and controls (e.g., retention plan compliance).
• Review data risk implications in projects, business-as-usual changes, and vendor engagements.
• Vendor Risk Management
• Implement and manage oversight procedures throughout the vendor lifecycle: intake, duediligence, onboarding, and ongoing monitoring -
• Act as the risk point of contact for vendor-related activities across projects and BAU
• Ensure consistent interpretation and application of the Procurement/Vendor Management Policy
• Review and challenge business decisions throughout the vendor lifecycle.
• Recommend enhancements to vendor risk policies and practices.

Key Skills and Competencies:

• Strong execution skills, ability to collaborate and influence
• Proven leadership in driving change and fostering cross-functional collaboration
• Deep expertise in risk management frameworks and industry standards
• Strong prioritization and execution skills across complex, concurrent initiatives
• Exceptional relationship-building and stakeholder Engagement primarily with internal stakeholders
• Advanced analytical thinking with a keen attention to detail and ability to navigate complex issues
• Demonstrated success in leading projects from concept to completion
• Comprehensive understanding of investment management and capital markets
• Experience in evaluating and enhancing control environments and operational procedures
• Proficiency in leveraging technology and systems to support risk oversight
• Clear, influential communicator with a collaborative leadership style

Education/Experience:

• Advance designation or degree (e.g. MBA, FRM, CFA) is an asset
• 10+ years in risk management or related roles within financial services
• People management experience in leadership roles is an asset.
• 5+ years specializing in Data, Vendor/Third-Party, and/or Information Security Risk
• Experience in systems architecture, implementation, and application support
• Proven track record in project delivery and/or business analysis

What we offer:

• Competitive base salary in alignment with market
• Performance based bonus *
• Hybrid work environment
• Employer paid Health Benefits and Spending Account that offer flexibility to meet your individual or family needs as of day one
• Defined Contribution Pension Plan with company matching that starts on your first day of employment *
• Paid flex days and sick days *
• Vacation days
• Maternity Leave Of Absence/Paternity Leave Of Absence top up *
• Paid continuous learning and continuing development including designations *
• Asterisked offerings are not applicable to contracts

Why the Canadian Investment Regulatory Organization (CIRO): Our purpose and our impact:

With offices across Canada - from Vancouver to Montreal, our mission is to promote healthy capital markets by regulating fairly and effectively so that investors are protected and confident investing in their futures. As regulators, we understand that we are all investors, and therefore a career with us is a purposeful career: protecting our future.

Culture and Working Environment: Life at CIRO is purpose and performance- driven. We foster an inclusive culture where teamwork, a forward-thinking attitude, and integrity are at the core of everything we do. This creates an environment where employees thrive, grow, and are empowered to learn and contribute their best.

Joining CIRO means becoming part of a dynamic and transparent organization that values accountability and is committed to maintaining the highest standards of regulatory oversight in the financial industry.

Looking for a career where you can safeguard the integrity of Canadian markets? Join CIRO and be part of the team that secures our financial future.

Our Commitment:

CIRO is an equal opportunity employer and is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act, 2005 (AODA). CIRO will provide accommodation to job applicants with disabilities throughout the recruitment process. Should you require accommodation, please contact Human Resources.

No part of our recruitment process uses artificial intelligence (AI) to screen, triage, or assess candidates. All applications are reviewed by our hiring team.

While we appreciate receiving applications, only those applicants who closely meet the position requirements will be contacted.

#hiring