Senior Manager, IT Risk & Governance Oversight (CTC)
About the role
Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, ThinkInsure, Zolo, and Flexiti, provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, insurance, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.
We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.
This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.
What’s in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment
We’re looking for our next Senior Manager, IT Risk & Governance Oversight. Could it be you? Reporting to the Director, Operational Risk & Resilience, the Senior Manager, IT Risk & Governance Oversight will be primarily responsible for providing oversight of the Technology risk management and governance framework. Technology services at Community Trust Company (“CTC”) are outsourced to the parent company Questrade Financial Group (“QFG”) and other service providers. Technology operations are the responsibility of those providers; however, risk oversight remains within CTC.
Among a myriad of other responsibilities, the mandate of this role is to provide oversight and effective challenge to the work being performed by the 1st line and other outsourced technology functions. This includes the monitoring and reporting mechanisms that highlight areas of risk exposure and opportunities for effective control of business risk arising from the use of technology. While the successful candidate will operate as part of the Risk Management team, they will be the subject matter expert on all Technology-related matters within the department and have to collaborate with Enterprise IT & Cyber Governance, Risk & Control on a regular basis. This individual plays a critical role in overseeing the confidentiality, integrity, and availability of CTC’s information assets and the alignment of Technology operations with business objectives and regulatory requirements.
This role is responsible for the independent design, execution, and oversight of technology risk assessments, control testing, and validation of IT and cybersecurity controls. The role requires a strong technical background to critically evaluate and challenge the design and effectiveness of 1st line of defense IT risk management practices, and to analyze overall Information Technology performance, risk metrics, and control effectiveness against established standards, policies, and regulatory requirements. Excellent communication skills are essential to prepare and deliver regular risk reporting to management, including clear articulation of identified control deficiencies, risk exposures, and recommendations for enhancing the 1st line's technology risk management framework and practices, as well as recommendations to outsourced technology service providers.
Need more details? Keep reading... In this role, responsibilities include but are not limited to:
- Providing effective challenge and oversight to the first line of defense regarding the identification, assessment, monitoring, and mitigation of IT & Cyber risks, ensuring alignment with established risk appetite and tolerances.
- Maintaining subject matter expertise and awareness of evolving regulatory requirements, industry best practices (e.g., ISO 27001, NIST CSF, COBIT), and emerging threats related to information technology and cybersecurity.
- Independently reviewing and validating the design and operating effectiveness of IT and cybersecurity controls implemented by the first line of defense.
- Overseeing and challenging the risk management of outsourced Technology functions across various domains (e.g., infrastructure, applications, cybersecurity, data management), including the review of third-party risk assessments.
- Monitoring and analyzing key IT risk indicators (KRIs) and metrics to identify emerging trends and potential control weaknesses.
- Assessing and reporting on the residual risk exposure associated with IT processes and systems, providing clear and concise communication to stakeholders.
- Collaborating with internal audit, compliance, and other risk functions to ensure a coordinated and integrated approach to risk management.
- Evaluating and challenging the risk assessments conducted by the first line of defense for new initiatives, systems, and changes to existing operations.
- Contributing to the development and maintenance of the Technology risk management framework, including policies, standards, and procedures.
- Reviewing and challenging cybersecurity-related test results (e.g., vulnerability scans, penetration tests) to ensure appropriate remediation of identified vulnerabilities.
- Contributing to the development, testing, and maintenance of IT business continuity and disaster recovery plans from a risk perspective, ensuring alignment with business resilience objectives.
- Providing risk-based guidance and support to the incident response team, ensuring that security incidents are thoroughly investigated and that root causes and lessons learned are incorporated into risk management processes.
- Developing and delivering IT risk and security awareness training programs to enhance the first line's understanding of risk management responsibilities.
- Preparing and presenting risk reports, including KPIs and KRIs, to senior management, risk committees, the Board, and regulators, clearly articulating risk exposures and trends.
- Liaising with business units to understand new and developing business strategies and assess their potential impact on the IT risk profile.
- Ensuring IT compliance with relevant laws, regulations, and contractual obligations, including OSFI guidelines (e.g., E-21, B-13, B-10) and other applicable financial industry regulations.
So are YOU our next Senior Manager, IT Risk & Governance Oversight? You are if you…
- Have 7-10 years of experience in a Technology Risk Management, Technology Governance or IT Audit / Quality Assurance role within the financial services industry
- Hold a University degree in Computer Science, Management Information Systems, other related field or equivalent directly related work experience
- Hold one or a combination of CISA, CRISC, CGEIT, CISM or are working towards them
- Understand a broad set of industry best practices (COBIT, ITIL, NIST CSF)
- Have leadership experience in Service Quality Assurance
- Have in-depth experience building, maintaining and reviewing risk and control frameworks and their inputs
- Have experience building, reviewing, or challenging key performance indicators (“KPI”) and key risk indicators (“KRI”)
- Can communicate effectively to both technical and non-technical audiences
- Are proficient at writing or updating Technology and Security procedures
- Are capable of building right-sized IT Governance solutions
- Have excellent written and verbal communication skills
- Work well autonomously
- Have strong benchmarking, reporting and presentation skills
- Are results driven and action oriented
- Have strong organizational skills proven in managing multiple projects and ad-hoc tasks simultaneously
- Have strong business acumen and knowledge of principles, techniques, current trends, best practices, regulations, policies, and programs related to risk management
- Have people management experience
- Have a desire for high performance and ability to make an impact
- Have in-depth experience in deciphering regulatory requirements and developing customized compliance solutions
- Have a solutions-oriented mindset, critical thinking and sound decision making
- Have strong collaboration, influencing, conflict resolution and stakeholder relationship building and people and process management skills
- Have proven ability to manage multiple deliverables with firm deadlines
- Have excellent written communication skills with ability to articulate key messages concisely and effectively
- Have experience in Business Continuity and Disaster Recovery Planning
- Have experience creating reports for senior management
- Are proficient with Microsoft Office, Google Suite, Power BI, etc.
Sounds like you? Click below to apply! At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.
The Questrade Financial Group of Companies' Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.
Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.
About Questrade Financial Group
Questrade is an award-winning low-cost digital alternative to traditional banks that is changing the Canadian financial services industry. We empower Canadians by giving them better, more affordable ways to take control of their financial future by using cutting-edge technology to develop innovative products. Questrade offers Canadians an easy way to invest in securities and foreign currency and provides online wealth management and mortgage through the Questrade Group of Companies, with more financial products in development.
At Questrade, we care deeply about helping Canadians become much more financially successful and secure. We believe in infinite possibilities, not only for our customers but for those who build careers with us. Our exceptional culture and forward-thinking workplace policies make Questrade a great place to work and build a career. We are a collaborative, diverse team that shares the same sense of infinite opportunity. Our beliefs, values, and atmosphere make you feel part of something bigger than yourself.
Throughout our multiple worldwide offices, we are reshaping the way we work, offering flexible options that allow our people to work remotely, from the office, or a hybrid mix of both.
Whether you want to kick-start your career or accelerate it, Questrade is the place for you. We offer rich learning experiences and exciting career path possibilities. Here you will be challenged. You will make your path, constantly moving forward, bringing the future of fintech into existence.
Come shape your future at Questrade.