Head of Technology - Risk and Governance
Waterloo, ON, Canada
Req #2370
Tuesday, July 16, 2024
At Equitable, we realize that your work life is not just about performing a job; it's about being part of a workplace that helps you grow and reach your full potential. Within our friendly and collaborative work environment, we recognize that the key to our growth and success is a dedicated, motivated and client-responsive staff. Join Equitable today.
Position Title : Head of Technology - Risk and Governance
Reports To : Executive Vice-President, Chief Information Officer
Department : IT - Enterprise Wide
Term : Permanent Full-Time
Work Arrangements : This is a hybrid role. You will work in our office in Waterloo, ON a minimum of two (2) assigned, consecutive days every other week, plus a fifth (5th) assigned day per month.
You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.
The Opportunity : Equitable is growing! We are looking for a Head of Technology - Risk and Governance to join our IT team!
The Head of Technology - Risk and Governance is an enterprise-wide technology leadership position responsible for information security and technology risk and governance design, strategy and implementation across the organization.
Now is an exciting time to join one of the Waterloo Area's and Southwestern Ontario's Top Employers for 2024!
What you will be doing :
- Provide strong leadership and mentorship to teams responsible for information security risk and governance.
- Lead the information security strategic initiative as part of digital modernization.
- Responsible for ensuring robust information security controls are in place, safeguarding the enterprise digital assets and data platforms.
- Lead information risk management, identifying potential threats and vulnerabilities and building risk mitigation strategies.
- Lead the business continuity and crisis management plan across the entire organization.
- Institutionalise governance for software development methodologies across the technology function.
- Lead technology risk management including cyber security, technology currency, technology debt, execution etc.
- Lead the organization through information security incidents, ensuring swift and effective remediation.
- Synthesize information and provide clear recommendations for the organization's security and risk mitigation.
- Collaborate with cross-functional teams to ensure a cohesive approach to information security.
- Galvanize support and inspire cross-functional teams to work together toward information security goals.
- Monitor and respond to cyber threats, proactively protecting the organization from cyberattacks.
- Stay updated on emerging threats and industry best practices to maintain a secure digital environment.
- Monitor and report on the effectiveness of risk management efforts.
- Understand the legal and ethical implications of information security decisions.
- Promote a culture of collaboration, innovation, and agility within your teams.
- Develop and implement risk mitigation strategies and controls to mitigate risks and protect the organization's assets and data.
What you will bring :
- Certifications : Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified Ethical Hacker (CEH).
- Comprehensive understanding of information security principles, technologies, and best practices to develop and implement effective strategies to mitigate risks related to data breaches, cyber-attacks, and other security threats.
- Experience in building technology risk frameworks and management plans with adequate risk mitigation strategies.
- Capability to institutionalise governance for software development methodologies across the technology function.
- Ability to create and implement relevant policies and guidelines in collaboration with business and corporate functions.
- Thorough knowledge of information security principles and information security standards (e.g., ISO 27001, NIST Cybersecurity Framework) and emerging trends in information security.
- The ability to forecast, assess, and manage information security risks effectively, including identifying vulnerabilities, evaluating their impact, and implementing risk mitigation strategies.
- Familiarity with and understanding of relevant compliance, data protection laws and industry-specific regulations (e.g., PIPEDA, Quebec's Act respecting the protection of personal information in the private sector, and OSFI Guidelines such as B-13 and the Integrity and Security Guideline) and the ability to ensure organizational compliance.
- Strong analytical and critical thinking skills and the ability to apply such skills to uncharted situations or events to make informed risk-related decisions and recommendations to executive leadership.
- Skills in assessing and managing third-party vendors and their security practices to ensure the security of the organization's supply chain.
- Effective problem-solving, adaptability, and a collaborative mindset are important for dealing with the ever-changing landscape of information security threats.
- Ability to handle and guide the organization through crises or unexpected events that pose risks to the business.
- Proficient in engaging with various stakeholders, including executives, board members, and external partners, to communicate risk-related information effectively.
- Skill in developing technology risk mitigation plans that align with the organization's long-term objectives and risk appetite.
- Strong analytical, strategic thinking and communication skills with the ability to synthesize, develop and present clear and concise recommendations.
- Strong leadership skills including change management, mentorship, motivation, coaching and development, and the ability to galvanize support.
- Strong analytical, strategic thinking and communication skills with the ability to synthesize, develop and present clear and concise recommendations and ability to communicate a compelling vision and inspire others to deliver.
- Proactive risk identification, mitigation planning, and escalation, with organizational awareness to balance the viewpoints of various stakeholders.
- Ability to articulate and showcase progress to senior stakeholders.
What's in it for you :
- A healthy work-life balance with employee wellness top of mind
- Annual bonus program, annual vacation allowance, and company-paid benefits program
- An additional paid volunteer day each year so you can spend time giving back to the community
- Immediate enrollment in the company's pension program with employer matching
- Employee resource groups that support an inclusive work environment
- Tuition support and specialized program assistance
- An onsite, full-service cafeteria with a variety of daily options
- Discounts on company products and services, and access to exclusive employee perks
- Regular EQ Together events focused on company togetherness and collaboration
As part of the recruitment / offer process you will be required to :
- Provide two professional references (minimum one supervisor and above)
- Undergo a criminal background check
- Undergo verification of your educational successes
- Undergo a credit check
To learn more about Equitable, we encourage you to explore our organization.