Division: IGM Technology

Location: Winnipeg

IGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $271 billion in total assets under managements. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments.

Under IGM Financial's unique business model based on leading brands and multi-channel distribution strategy, we’re IG Wealth Management. For over 90 years of business, we have grown to become one of the largest most respected companies in Canada. We are a leader in providing the best advice, experience and outcomes for our clients, personalized throughout their lifetime.

At IG Wealth Management, our vision is to inspire financial confidence.

This is your opportunity to build a career with a leading organization where you can learn, grow and thrive both professionally and personally. We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and center.

You will join a team that believes our success starts with the success of our clients, while working together as a team to realize our greatest potential. You will join a team that strives towards excellence while developing and sharing skills and knowledge. You can make a difference for our clients, the world around us and be part of a team that cares. We are dedicated to offering a hybrid work environment when applicable.

IG Wealth Management is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.

Role & Responsibility

The AVP, IT Risk is responsible for First Line of Defense for IGM with responsibility for planning, directing, controlling, identifying and managing the inherent operational risks in products, activities, processes and systems across IGM.

This role sets the enterprise risk strategy and risk appetite and matures, expands and optimizes IGM’s information risk management capabilities while positioning the organization to be agile and ready to respond to ever-changing threat landscape and security risks.

The AVP directs staff in execution of the risk strategy to ensure information and information technology risks are within acceptable levels.

Risk Strategy

• Responsible for designing, advising, supervising and coordinating the implementation, management and execution of the IGM IT security, risk and compliance framework

• Collaborate with the Executive Leadership team to develop an enterprise security vision and first line of defence strategy

• Develop and publish risk management policies and guidelines including third party risk assessments, penetration testing, vulnerability assessments and continuous monitoring

• Distill and report on issues to leadership and where applicable to 2nd Line of Defense Partners

• Lead discussions with 2nd Line partners about potential solutions to issues identified

• Partner with other members on the Governance and Control teams to assess business and regulatory risk

• Keep abreast of emerging issues, trends, and evolving regulatory requirements to identify new opportunities and assess potential impacts

• Ensure risk issues are identified, managed and reported per enterprise policy/guidelines and ensure appropriate escalation processes are followed

Execution and Operational Support

• Execute on First Line of Defense

• Support experts in the execution of the Agile and Waterfall project methodology across lines of business

• Provides guidance and expert advice into the management of application security risks, and influences the identification, measurement, and management of cyber security risk

• Support the successful launch of new initiatives by finding the right balance of governance and controls while ensuring activities are within IGM’s risk appetite and risk management policies

• Be the Subject Matter Expert/first point of contact for respective risk/control function responding in a timely manner to support project execution

• Provide guidance on detailed business requirements for projects to address regulatory requirements and expectations

• Work closely with Transformation delivery teams to provide support, guidance and analysis on business risk and regulatory compliance issues

• Support transparency with 2nd Line of Defense risk control partners through engagement, defined interaction model and issuance of processes, requirements and/or artifacts supporting their mandate of oversight and challenge

• Support for various risk functions within IGM

• Provide consultation and guidance for workstream leads to ensure full understanding of requirements and appropriate risk controls

• Work effectively with 2nd line partners to address issues and emerging risks on new initiatives

• Accountable for ensuring IGM can demonstrate that we are compliant with all relevant cyber security standards and regulations, and supporting and enabling our second and third lines of defense

• Develops and implements an IGM enterprise risk, security and compliance awareness and training program that fosters a culture of continual awareness, accountability and proactive behavior across IGM

• Uses various risk identification, measurement, management and monitoring tools such as Risk and Control Assessments (RCAs), Threat and Risk Assessments (TRAs), Privacy Impact Assessments (PIAs), scenarios, key risk indicators, event reporting, and incident reporting

• Gather metrics and ensure Information security incidents are identified, reported, mitigated and resolved in a timely, accurate and sustainable manner

• Take end to end ownership of cybersecurity owned programs and related activities including security policies, vendor risk and compliance management, regulatory audits, security awareness and training, security integration and assessment of M&A and related ventures

• Works with all levels of the organization to ensure understanding and implementation of IT Risk and Security policies and procedures, processes and controls

• Develop metrics, measurement methodologies, reporting and processes (including Key Risk Indicators) to consolidate, interpret and report enterprise risk information to senior management, Board, regulators and external ratings agencies

• Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies and drive its remediation efforts

• Selects and identifies the best risk assessment tools to support risk identification, risk impact assessment, risk prioritization and risk tracking in support of the second line of defense, compliance and audit standards, policies and guidelines

• Support ongoing socialization of risk initiatives

Qualifications

• 10+ years of progressively senior IT risk and compliance experience, with experience in top tier management consulting firms preferred

• Strong risk management expertise, with knowledge and experience managing strategic IT risks

• Experience developing financial and nonfinancial risk management methodologies, measures, control frameworks, policies, procedures, standards, guidelines and related processes

• Strong track record of successfully developing and executing risk methodologies in partnership with cross functional teams that achieve intended benefits

• Experience working with legal, audit and compliance staff

• Experience with common information security management frameworks, such as International Standards Organization (ISO) 27001, National Institute of Standards and Technology (NIST) cybersecurity framework, Cloud Security Alliance Cloud Controls matrix and other leading-edge security frameworks

• A strong understanding of the business impact of security tools, technologies and policies

• One or more industry recognized information professional designations

• Knowledge of the Financial Services industry would be an asset

Relevant certifications include:

• Certified Information Systems Security Professional (CISSP)

• CRISC - Certified in Risk and Information Systems Control

Skils:

• Leadership:

  • Attract and retain high caliber talent by recognizing organizational and individual needs

  • Set vision and priorities for the team with clarity and confidence, effectively managing capacity and planning activities and ensuring staff are set up for success

  • Influence staff in functions and business to achieve outcomes in a highly consultative and partnering manner

  • Continually develop the overall capability of a diverse team and accurately appraise the strengths and development areas of the team through constructive feedback

  • Strong leadership skills and the ability to work effectively with Executive and business partners, IT engineering and IT operations staff.

  • Superior collaboration and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment

  • Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment

  • Strong capabilities to develop and guide information security team members and IT operations personnel, and work with minimal supervision

  • Strong desire to implement change and contribute to the organization

• Relationship Management:

  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with senior management, the IT organization, project and application development teams, internal and external business partners and vendors

  • The ability to interact with company personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.

  • Proven ability to establish and build healthy working relations and partnerships with clients, vendors and peers

  • Highly credible with senior executives while also able to connect and build trust- based relationships with stakeholders at all levels of an organization

  • Gain commitment, trust and support from others and will be able to sell ideas inside and outside the organization

• Influence & Focus:

  • Ability to focus/align the organization around critical initiatives, best practices and guiding principles

  • Exceptional influencing skills and ability to work transparently and cooperatively with the cross-functional teams, effectively engaging all pertinent stakeholders, both internal and external

• Determination:

  • The successful candidate will not be afraid to challenge the status quo

  • Exhibit a mindset of creativity, determination, and an energetic drive to succeed

  • Have a proven track record of setting and meeting aggressive goals and action plans, both as an individual and with a team

• Versatility and Resilience:

  • Able to oversee multiple projects and excel in a complex and evolving portfolio

  • Demonstrate appropriate flexibility in all situations and will be comfortable with ambiguity, while pivoting from macro to micro issues, from shaping the technology, innovation, digital, and strategy agenda through to the day-to- day details of operations and compliance issues

• Integrity:

  • Adhere to the highest standards of personal and professional integrity and set a positive example for others

• People Management:

  • Provide leadership and effective management of staff

  • Accountable to influence employee commitment to the organization, to the team, and to their job

  • Set appropriate context when assigning work to link the employee’s work to organizational/ business unit goals

  • Lead and build a team and individual capabilities to ensure employees can perform to job requirements

Please visit our career page by clicking on the following link: https://www.ig.ca/en/careers

We thank all applicants for their interest in IG Wealth Management; however only those candidates selected for an interview will be contacted.

IG Wealth Management is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.

Please apply by January 3, 2025.

#LI-KN1

#LI-Hybrid