Manager, Governance, Risk and Compliance
Full-time, Gurugram

Summary

Location

Gurugram

Type

full-time

About this role

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Role Summary

Senior Consultant, Governance, Risk and Compliance. This role is responsible for supporting all aspects of the Governance, Risk and Compliance (GRC) function for Digital Business and Technology Solutions (DBTS), and for establishing and rolling out an integrated risk framework, including monitoring and continual improvement activities and alignment to the Sun Life Policy and Operational Risk frameworks and related regulatory drivers.

What will you do

  • Program leadership for integrated risk, internal control framework, IT governance and compliance topics; build and maintain positive relationships with a broad range of stakeholders across DBTS, Business and Corporate partners
  • Deliver initiatives to mature comprehensive risk profile monitoring and reporting, including Key Risk Indicators (KRIs), Emerging Risk, Annual Risk Planning activities and Risk and Control Self Assessments for DBTS
  • Support the evolution of the integrated risk framework for DBTS; enable governance, monitoring and reporting for DBTS risk and compliance management programs and practices including the Policy Exception process
  • Contribute to operational risk management reporting to ensure that key enterprise-wide operational risk themes can be communicated to senior management
  • Identify opportunities to implement systems and process solutions to improve efficiency and effectiveness
  • Contribute to the development and implementation of departmental plans. Provide support and assistance to other members of the DBTS GRC team where required.
  • Support DBTS with interactions regarding risk reporting with CORM and risk partners

Risk Governance & Oversight

  • Maintain the Technology Risk Committee for DBTS to ensure alignment with the Enterprise Risk and Operational Risk frameworks. Chair the quarterly DBTS Risk and Compliance Committee.
  • Incorporate risk assessments into processes for change management, project oversight (VRO), and decisions made by technology investment boards (ATG).
  • Produce quarterly reports on risk, using established key risk indicators (KRIs) and the organization's defined risk tolerance.

Risk Identification & Assessment

  • Ensure the Risk and Control Self-Assessment (RCSA) process is effectively designed, executed, and maintained to provide an accurate and comprehensive view of DBTS's risk and control environment.
  • Identify emerging risks from regulatory change and industry benchmarks.

Risk Monitoring & Challenge

  • Establish and maintain an effective Key Risk Indicator (KRI) inventory that enables proactive monitoring of key risks, facilitates early identification of emerging issues, and supports informed decision-making across DBTS.
  • Monitor Key Risk Indicators and other metrics (system downtime, patch compliance, vulnerability counts, vendor SLA breaches, etc.). Escalate risks outside tolerance/appetite to DBTS Executive Team and Enterprise governance forums.
  • Challenge DBTS risk owners on completeness of risk assessments, adequacy of controls, and timelines for remediation.
  • Conduct regular, consistent, and proactive challenge across key DBTS services and document the challenge and any remediation.

Control Advisory & Support

  • The control challenge process ensures that DBTS's control environment is effective, sustainable, and aligned with risk appetite by providing independent oversight and challenge of control design, operation, and adequacy. Controls of key technology processes will be proactively challenged through the annual control monitoring program and consistently through existing operational risk programs (e.g. RCSA, KRI, etc.) and compliance program requirements.
  • It enables the 1B functions to identify control weaknesses, gaps, or trends that may expose DBTS to undue risk.
  • The 1B Functions will work with control owners to ensure controls are designed effectively and operating effectively.

Issue & Incident Management

  • The 1B function works with risk owners, control owners, and the Incident Management team to ensure that significant operational, compliance, and technology issues or incidents are identified, assessed, challenged, and remediated effectively.
  • The 1B function provides independent oversight and challenge to verify that the first line (1A) is managing issues and incidents in a timely, transparent, and risk-based manner, consistent with enterprise risk appetite and governance standards.

Reporting & Transparency

  • Deliver regular reporting to DBTS management highlighting:
      • Top technology risks and trends.
      • KRI breaches and appetite exceptions.
      • Emerging risk themes.
      • Operational and Compliance Program requirements and status.
      • Internal Audit finding status.
      • Policy Noncompliance Reporting and remediation.
      • Regulatory findings and developments.

What you need to succeed:

  • A post-secondary degree or diploma in Information Technology or Business Administration
  • A minimum of 5 years' experience in Operational Risk Management.
  • Nice-to-have certifications: CISA, CRISC, CISSP, CRM, FRM, MBCI, CBCP
  • Relevant IT / best practice certifications (ITIL, Risk, GRC, Privacy etc.) are an asset

Preferred Skills:

  • Expert level knowledge of supplier risk, records management, business continuity, privacy and information management.
  • Ability to work independently and apply professional judgment to effectively diagnose the root cause of problems.
  • Strong verbal and written communication skills; must have the ability to effectively present to senior leaders.
  • Strong consulting, client service orientation, and relationship management skills recommendations
  • Strong aptitude towards process development and documentation
  • Extensive knowledge of IT risk management, cybersecurity principles, and compliance standards.
  • Experience in crisis management and incident response.
  • Familiarity with risk management frameworks such as NIST, ISO 27001, COBIT, and ITIL.
  • Experience with insurance, banking, or other financial services environments is preferred.
  • Experience with ServiceNow and RSA Archer is an asset
  • Excellent communication and interpersonal skills, with the ability to communicate complex technical concepts to non-technical stakeholders.
  • Strong analytical, problem-solving, and decision-making skills.
  • Ability to work in a dynamic fast paced environment with tight deadlines.
  • Experience with information technology, architecture and technical concepts.
  • Solid organizational, interpersonal, and relationship building and influencing skills.
  • Strategic thinker, able to articulate the bigger picture and proactively plan.
  • Experienced at supporting change and helping others through the process.
  • Familiarity with the Sun Life Risk Management Framework and risk management policies is an asset.

Job Category:

Compliance

Posting End Date:

01/02/2026

Other facts

Tech stack
Governance, Risk Management, Compliance, Operational Risk, IT Governance, Stakeholder Management, Risk Assessment, Incident Management, Control Advisory, Crisis Management, Cybersecurity, Analytical Skills, Communication Skills, Process Development, Relationship Management, Strategic Thinking

About Sun Life

Sun Life is a leading financial services organization dedicated to helping people achieve lifetime financial security and live healthier lives.

We provide a wide range of insurance and investment products and services in key markets around the world including Canada, the United States, the United Kingdom, Hong Kong, the Philippines and Indonesia. At Sun Life, we have more than 34,000 employees and 112,900 advisors worldwide.

Websites:
Canada www.sunlife.ca/en/
US www.sunlife.com/us/en/
Vietnam www.sunlife.com.vn
Hong Kong www.sunlife.com.hk
Indonesia www.sunlife.co.id
Malaysia www.sunlife.com.my
Philippines www.sunlife.com.ph

Team size: 10,001+ employees
Industry: Financial Services

What you'll do

  • The role involves leading the Governance, Risk and Compliance function for Digital Business and Technology Solutions, establishing an integrated risk framework, and ensuring effective risk monitoring and reporting. Additionally, the manager will maintain relationships with stakeholders and support the evolution of risk management practices.

Frequently Asked Questions

What does a Manager, Governance, Risk and Compliance do at Sun Life?

As a Manager, Governance, Risk and Compliance at Sun Life, you will lead the Governance, Risk and Compliance function for Digital Business and Technology Solutions, establish an integrated risk framework, and ensure effective risk monitoring and reporting. Additionally, the manager will maintain relationships with stakeholders and support the evolution of risk management practices.

Why join Sun Life as a Manager, Governance, Risk and Compliance?

Sun Life is a leading Financial Services company.

Is the Manager, Governance, Risk and Compliance position at Sun Life remote?

The Manager, Governance, Risk and Compliance position at Sun Life is based in Gurugram, India. Contact the company through Clera for specific work arrangement details.
