Data Risk Manager

Role Title: Data Risk Manager
Location: Toronto/London ON.
Remote can be considered for EST profiles.

Responsibilities:

1. Expert knowledge of data management, data governance, and data AI risk principles.
2. Serve as the SME and point of contact for all data risk management and related work efforts.
3. Create and apply a data risk methodology and program to the company.
4. Experience in compliance risk and audit programs, including regulatory audits.
5. Ability to create frameworks, policies, standards, procedures, and templates.
6. Expertise in creating risk appetite statements, risk limits and thresholds, impact assessments, or risk tolerance.
7. Expertise in risk monitoring and reporting, including escalations to senior management when needed.
8. Conduct audits or independent challenge reviews of internal and external business units' compliance with data governance standards and procedures, including liaising with internal and external auditors or regulators if necessary.
9. Self-starter, creative, and willing to adjust and pivot depending on priorities.
10. Familiarity with regulatory requirements from OSFI, Privacy, Canadian Federal regulations, Health, Dental, and Investment regulations, etc.
11. Bachelor's degree in a relevant field such as Risk Management, Information, Data Science, Data Management, Computer Science, or Engineering. A Master's degree is a plus but not required.
12. Experience or certification in enterprise risk, data maturity models, data AI risk, information systems control, financial risk management, data modeling, AI/ML methodologies, etc.

Role Profile Description:

1. Primarily responsible for evaluating and forecasting potential losses or risks to data that a company may encounter and be impacted by.
2. Lead in creating a data risk and control methodology and review assessment process.
3. Proactive approach and measures to minimize exposure to financial, regulatory, legal, or reputational harm caused by loss limitations (e.g., inaccurate and poor data quality, lack of metadata, data and system breaks, and related issues affecting an organization's ability to acquire, store, transform, move, protect, and use its data assets).
4. Lead and work with various business teams to socialize data risk concepts and enable methodology for implementation and adoption.
5. Expertise in monitoring and conducting gap assessments of internal controls.
6. Collaborate with business owners to ensure proper monitoring and assessment of internal controls using key metrics such as KPIs, KRIs, and KCs to evaluate effectiveness.
7. Knowledge in applying assessment techniques such as Data Management Capability Assessment (DCAM), Risk and Control Self Assessments (RCSA), etc.

Risk and Governance Activities:

1. Primary contact for all data risk and programs.
2. Lead in supporting business teams in adherence to the data risk program and methodology.
3. Define and implement a structured approach for conducting gap assessments of operational risk policies and practices, creating actionable plans to address identified areas for improvement.
4. Create audit or review methodology, including a roadmap of planned assessments.
5. Educate business units on the data risk approach and methodology.

Monitoring and Reporting:

1. Monitor and assess internal controls.
2. Collaborate with business owners to ensure proper monitoring and assessment of internal controls using key metrics such as KPIs, KRIs, and KCIs to evaluate effectiveness.
3. Deliver comprehensive risk reporting.
4. Establish and provide regular reporting on data risks, controls, and mitigations, ensuring that senior management and relevant committees receive timely updates and actionable insights.
5. Engage business units in adopting the program and identify non-compliance with mitigation action plans.

Certifications Required: Associate should be ready to get Protected-B Clearance