Cyber Security And Information Technology Risk Specialist
BDC
We are BDC, the Business Development Bank of Canada and the financial institution devoted to Canadian entrepreneurs. We help create and develop strong Canadian businesses through financing, advisory services and capital, with a focus on small businesses.
Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.
Choosing BDC as your employer also means:
- Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few.
- Paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1.
- A hybrid work model that truly balances work and personal life.
- Opportunities for learning, training and development, and much more.
POSITION OVERVIEW
The Operational Risk Management (ORM) team oversees the effectiveness of multiple operational risk management programs and is responsible for supporting and challenging the business in the management of risks. BDC and the financial services industry are rapidly evolving introducing more interconnected operational risks. The ORM team deploys an array of programs to support the first line of defence to better manage risk as BDC undergoes its digital and strategic transformation. The ORM team is comprised of individuals who are passionate about risk management and improving BDC operations.
We are looking for a Cyber Security and Information Technology Risk Specialist, who will become a key member of the ORM team. They will be positioned as an InfoSec/IT and ORM expert responsible to review the first line of defense in the identification and management of InfoSec and IT risks across the ORM Framework. They will have the opportunity to work with individuals across the entire organization and contribute to many initiatives and projects. They will play a key role in the design, deployment, and evolution of the ORM Framework and methodologies.
CHALLENGES TO BE MET
- Support first and second-line stakeholders executing ORM Programs including: Risk and Control Self Assessments, Key Risk Indicators, Operational Risk Events, Business Continuity Management, Risk Appetite, and new product and business initiative risk assessments for products, projects and other changes.
- Effectively challenge and critically review first and second line InfoSec/IT risk assessments and risk events.
- Monitoring and oversight of remediation activities and action plans.
- Recommend new technology risk assessment methodologies and tools.
- Ensure the strength of ORM work methods and their evolution in line with BDC operational realities and industry best practices.
- Manage and improve ORM program reporting including program reporting, data collection and analysis, risk reporting, action plans, and committee presentations.
- Develop and maintain ORM stakeholder relationships including first line leadership, second line risk functions, and communication with senior leaders.
- Develop, enhance, and document ORM Governance and procedures.
- Coaching and sharing knowledge with more junior members of the team improving functions overall capability.
WHAT WE ARE LOOKING FOR
- Bachelor’s degree in Information Technology, Communications, Business Administration, Social Sciences-related discipline.
- Master’s degree or other equivalent combination of education and work experience preferred.
- Recognized technology and/or Risk certification preferred (CRISC, CISM, CISA, Open FAIR, CISSP, COBIT, etc.).
- Five years of experience working in Technology Risk, Technology Resilience, Technology Audit or related field.
- Subject matter expertise in IT Operations, Data, Digital, Emerging Technology and/or Information Security.
- Experience with understanding and translating complex business requirements in a fast-paced banking sector preferred.
- Strong business acumen, analytical qualitative and quantitative skills (advanced MS Excel, Power BI an asset).
- Excellent French and English written and verbal communication skills, including for the development and delivery of presentations.
- Excellent understanding of modern governance, risk and control frameworks, including the three lines of defense.
- Comfortable dealing with and challenging senior stakeholders.
- Responsive, agile approach to manage changing priorities.
- Continuous improvement/learning mindset, challenging the status quo and seeking self improvement.
- Acuity for perceiving and understanding client/stakeholder needs.
- Strong planning, coordinating, organizing, training and implementation skills.
- Proven record in applying judgment in creating and sustaining a sense of urgency in anticipating and/or preventing impacts to business operations.
- Ability to prioritize, meet tight deadlines, escalate when necessary, and work in a multicultural, bilingual and dynamic environment.
- Proficiency with MS Office Suite (Word, PowerPoint, Visio).
Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at accessibility@bdc.ca.
While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.