Senior Manager, IT & Operational Risk Management, Regulatory Liaison

Job Summary

Job Description

What is the opportunity?

This role participates in and leads some of the execution of the Wealth Management Technology & Solutions (WMTS) Operational Risk Annual Plan and execution of operational risk management (ORM) and IT Risk management within WMTS.

The role is also responsible for participating in planning and managing Operational Risk Management programs and processes as they flow across WMTS.

Individual contributor with expert understanding of US and Canadian IT regulations, audit methodology, general computing controls (e.

g. logical access, patch and configuration management, change & incident management, etc.) and expert communication skills, acting as the single point of contact for internal / external audit engagements and regulatory requests for WMTS and US Wealth Management IT Risk.

Services provided cover audit ®ulatory response, risk & compliance exposure reporting, risk advisory & awareness, and IT & operational risk analysis

Wh at will you do?

• Lead preparation of periodic regulatory presentations, including associated monitoring activities, and contribute to presentation execution
• Lead coordination across technology (WMTS and larger T&O) and Business teams to ensure risk profiles are appropriately managed (e.

g. ensuring breached KRIs have viable go-to-green plans)

• Lead WMTS engagement of periodic audits and regulatory exams, working closely with stakeholders to ensure evidence is submitted on time and that management has an early indication of potential issues
• Support the review of applications across WMTS to determine their SOC1, SOX and / or Crown Jewel applicability
• Contribute to relationship building with enterprise stakeholders (e.g. Internal Audit and Group Risk Management)
• Contribute to the execution of Risk and Control Self Assessments for WMTS

What do you need to succeed?

Must-have

Expert knowledge of the global regulatory landscape impacting financial institutions (e.g. OSFI, FRB, FINRA, OCC, FCA, MAS), including control requirements (e.

g. NYDFS, SOX, GLBA, GDPR)

• Expert communication (verbal and written) skills, including a strong appreciation of relationship management
• Strong knowledge of general computing controls (e.g. logical access, patch & configuration management, change & incident management, etc.)
• Strong knowledge of IT and operational risk management processes, methods and tools
• Demonstrable technical knowledge and experience covering the operating systems (e.g. Unix, Windows, zOS) and database systems (e.

g. Oracle, SQL Server, Sybase, DB2)

CISA or CRISC Certifications

Nice-to-have

• CISSP certification
• CCSP or CCSK Certifications or demonstrable knowledge
• Knowledge of GRC tools (e.g. ServiceNow, Archer)

What's in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing and working together to deliver trusted advice to help our team and business partners.

We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• Flexible work / life balance options
• Opportunities to do challenging work
• Opportunities to take on progressively greater accountabilities
• Opportunities to building close relationships with business partners

LI-Hybrid

LI-POST

TECHPJ

Job Skills

Application Security, Critical Thinking, Cyber Security Management, Decision Making, Detail-Oriented, Information Security, Information Security Management, Information Technology (IT) Risk, Information Technology (IT) Risk Management, Information Technology Security, Internal Auditing, Interpersonal Relationship Management, IT Security Architecture, Performance Management (PM), Relationship Management, Risk Management