Director, IT Governance and Risk

Northbridge Financial Corporation - Toronto, ON (5 months ago)

“The Power of Together”

Join Northbridge, a growing dynamic company that has a long and rich Canadian history in providing innovative insurance solutions to customers nationwide.

Northbridge Financial Corporation is a leading commercial property and casualty insurance company that’s been helping protect Canadian businesses for more than 90 years. We’re 100% Canadian!

We offer a wide range of creative solutions to our customers through our Northbridge Insurance, TruShield Insurance and Federated Insurance brands where we strive to create a fair and friendly culture, upheld by the foundation of our five corporate values: respect, passion, connectedness, creativity, and excellence.

By continually striving to challenge the status quo, and by focusing on helping the customers we have the privilege of insuring achieve the possibilities of their business, we’ve been able to build our reputation as one of Canada’s largest commercial insurance providers.

To help us continue to build on this success, we’re committed to attracting, developing and retaining the best people.

Be part of a team that’s passionate about making a difference every day, fuelled by our entrepreneurial spirit and where everyone owns a part of our success. Our company has had an amazing journey so far, and our future is full of new possibilities!

Located in the heart of Toronto’s Financial District, our head office is easily accessible by TTC and GO Transit, and within walking distance to the Eaton Centre, Rogers Centre, and CN Tower. As a national property and casualty commercial insurance provider, we also have offices across Canada.

Position Summary

This is a hands-on management position that encompasses managing staff, leading projects and participating in the assessment of IT security and operational risks and of control effectiveness, both for implemented applications and infrastructure and for pending technology projects. This position will manage the activities to identify, classify, document and report on risks and control issues in the Northbridge computing environment by documenting assessment results, recommending corrective action, tracking remediation, and evaluating policy and control standard exceptions.

What you will be doing:
Perform IT control assessments to ensure effective IT controls are in place to meet operational and compliance requirements.
Develop, maintain, review and report on the IT Operational Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
Facilitate and work with G&S Team members, Internal Audit, External auditors and IT Control owners to ensure timely responses to audit compliance reviews and testing.
Examine and review testing results, design and prepare reports that ensure results are effectively communicated to IT management for corrective action, where required.
Perform ongoing logical access reviews and recommend updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
Provide timely and accurate responses to questionnaires or surveys assigned to IT from all sources: Regulators, auditors, parent company, et al.
Assist security personnel, resource owners, and IT staff in understanding and responding to security assessment gaps reported by annual Penetration Tests.
Ensure risk exceptions are documented and approved. Track and monitor risk exceptions’ action plans and ensure control deviations are identified and mitigating controls are in place.
Assist with drafting and maintaining IT policies.
Participate as oversight reviewer in the performance and testing of annual disaster recovery tests and the business continuity plan.

KEY ACCOUNTABILITIES – IT Software Asset Management:
Maintain a register of all purchased software licenses and associated license agreements.
On a regular basis, conduct an audit to identify all instances of installed licensed software. Compare the number of installed software instances with the number of licenses owned.
When instances are lower than the number owned, decide whether there is a need to retain or terminate licenses, considering the potential to save on unnecessary maintenance, training and other costs.
When instances are higher than the number owned, consider first the opportunity to uninstall instances that are no longer required or justified, and then, if necessary, purchase additional licenses to comply with the license agreement.
On a regular basis, consider whether better value can be obtained by upgrading products and associated licenses.

Performs due diligence on new, proposed IT vendors and prepares a completed risk profile for the vendor during the on-boarding process. Subsequently conducts an annual review of critical vendors, including scorecards.
Evaluates vendor software pricing model options and maintenance programs to optimize TCO while providing future flexibility for the company.
Collaborates with Procurement for contract-related needs.
Provides input to the IT service owner to optimize the vendor relationships, including driving value for money and ongoing supplier performance, as well as coordinating efforts between internal stakeholders and the supplier account teams to meet procurement objectives.
Facilitates Governance & Security vendor review meetings and holds fact-based, diplomatic, and frank discussions with vendors regarding opportunities for improvement.

What we are looking for:
Minimum University Degree or College Diploma in an IT-related discipline, or the equivalent work experience
Minimum 10 years industry experience
Good working knowledge of the common IT frameworks, including COBIT 5, ITIL, ISO 27001 and 27002, and current IT governance best practices
Sound knowledge of Microsoft Office Suite applications

What sets you apart:
Demonstrates a deep understanding of Information Technology security and operations and IT products and services.
Demonstrated experience in identifying, assessing and managing IT risk.
Demonstrates excellent project management skills, inspires teamwork and accountability with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
Strong analytical skills and good working understanding of the MS Office Application Suite.
Good understanding of strategic sourcing concepts and best practices related to the procurement of IT products and services is an asset.

What We Have to Offer:
Northbridge Cares program – volunteer day and donation matching
Generous paid time off, including personal days. Flexible work hours as well as early departure opportunities
Flexible Group Benefits Plan – medical, dental, insurances
Defined Contribution Pension Plan + Optional Group RRSP
Northbridge Employee Share Purchase Plan
Education Assistance Program
Employee Assistance Plan
Staff Insurance - discount on home, automobile and pet insurance
Plus, the opportunity to contribute to the success of Northbridge through sharing your knowledge and experience while learning from others!

Application Process:
Northbridge welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Interested, qualified candidates are encouraged to apply.

All offers of employment are conditional upon satisfactory background and reference checks, including a criminal record check, credit check, and employment and educational verifications.