Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.
The Tangerine IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for Tangerine and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation. There are many exciting opportunities to grow in the areas of risk management and business technology development, and to work with many cross-functional teams within the Bank.
As a 1B Line of Defence function, this role provides leadership and subject-matter expertise to assist Tangerine stakeholders in the identification, evaluation, treatment and monitoring of risks to the Bank’s data assets and the systems where information resides. In doing so, this role will contribute towards Tangerine’s business objectives and our stated purpose of helping clients live better lives by empowering them to make smarter financial decisions.
Reporting to the Director of IT Risk Management, the Senior IT Risk Analyst is a key contributor for the development and execution of an enterprise IT Risk Management Program.
The role of Senior IT Risk Analyst is focused on three key functions:
IT Risk Governance
Maintain the compliance oversight of Scotiabank’s security and risk management framework, policies and standards for managing risks to its information assets and systems.
Identify, assess, prioritize and report on material IT risks and aligned business areas. This will require working with various Risk owners / ambassadors and other control function groups.
Liaise with Scotiabank counterparts to identify evolving requirements.
Monitor evolving industry best practices, regulatory and legislative requirements;
Provide 1st Line of Defence functions with ongoing guidance to support their implementation of, and compliance with, established IT and security requirements.
Conduct risk assessments and ensure that assessments and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plans.
Oversee deviation and IT risk acceptance processes where Tangerine does not comply.
Perform various types of data analysis work and prepare monthly / quarterly reporting.
IT Risk Advisory
Provide direction to Tangerine’s leadership and functional teams to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
Provide subject-matter expertise to direct 1st Line functions in their assessment of identified risks. Ensure evaluations (e.g. TRA, NIRA and RCSA) are conducted in an objective and comprehensive manner.
Oversee and direct 1st Line functions’ management of IT and security risks associated with outsourcing. Where required, offer direction for the assessment, treatment and monitoring of risks, and inclusion of appropriate contractual security terms and conditions.
Lead advocacy and build positive culture for the management of IT and security risks. Deliver ongoing counsel to risk owners to create IT risk awareness and acumen; communicating the business value of security and IT risk management practices.
IT Risk Reporting & Compliance Monitoring
Maintain Tangerine’s IT KPIs and KRIs within established tolerance.
Oversee Tangerine’s alignment and ongoing submission to Scotiabank risk measurement mechanisms (e.g., Cyber Security Dashboard, IT Risk Dashboard, and Risk Appetite Statement).
Lead engagement with Tangerine’s 2nd and 3rd Line (Audit Teams) of Defense function to influence the focus, scope and criteria for the testing of the Bank’s IT risk capabilities.
Monitor and track issues raised by Internal Audit and Regulators on an ongoing basis, and assist risk owners to ensure remediation is completed within pre-defined timelines and risk is addressed appropriately.
Coordinate SOX control testing efforts for the bank. Facilitate evidence collection and escalate conflicts or roadblocks to relevant SME to ensure control testing is complete as per schedule.
College or University degree (BA/BS), or equivalent experience.
5+ years in a technology, risk management, cyber security, audit or corporate governance role.
Good working knowledge of risk management (governance, operations, audit, control functions, compliance, and risk management) and Canadian Banking business and processes.
Strong knowledge of regulatory, legislative and industry requirements governing the management of technology systems and information (PIPEDA, OSFI, PCI-DSS, NIST, etc.).
Strong communication and collaboration skills, supported by well-developed logical and analytical competencies.
Self-driven and a fast learner, able to work independently in a fast-paced environment, guided by established practices, and to apply sound judgement to identify, troubleshoot and resolve day-to-day business, functional and operational issues.
Good ability to balance competing or conflicting goals with a good sense of urgency.
Professional security designation an asset (CRISC, CISA, CISSP etc.).
Certified Information Systems Auditor (CISA);
Certified Information Systems Security Professional (CISSP); or
Certified in Risk and Information Systems Control (CRISC)
The Senior IT Risk Analyst will be working in a traditional office environment and may be subject to special working conditions as needed by the business. Special working conditions may cover a range of circumstances from regular evening and weekend work, working outdoors and/or working with challenging clients.
No. However, the role of Senior IT Risk Analyst will be expected to demonstrate leadership, and develop others by bringing positive energy, passion for the business and the discipline of IT risk management.
Tangerine will make reasonable accommodations for the known physical or mental disabilities of an otherwise qualified employee or applicant for employment, unless undue hardship to Tangerine would result. Any applicant or employee who requires accommodation in order to perform the essential functions of a job should contact Human Resources or his or her supervisor.
All members of the Tangerine Team are responsible for managing risk and compliance within their departments. As such, employees should maintain and demonstrate the highest standards of integrity and ethical conduct in accordance with Tangerine policies, guidelines and directions.
Location(s): Canada : Ontario : North York
At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.