Job description: Principal, IT & Cyber Governance, Risk and Control
5700 Yonge St, North York, ON M2M 4K2, Canada

Job Description

Questrade Financial Group (QFG), through its companies - Questrade, Questbank, Questrade Wealth Management, Community Trust Company, Zolo, and Flexiti - provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. We use cutting-edge technology to help Canadians become much more financially successful and secure. At QFG, we combine human-centric collaboration with AI-driven innovation to redefine financial services. The ideal candidate will be a catalyst for change, using AI to transform and deliver unparalleled customer experiences and shaping a future where AI empowers our teams to do their best work. Join our diverse, inclusive, and hybrid workplace to unleash your creativity and nurture your curiosity without limits. If you share this sense of infinite possibility, come shape your future at QFG.

What's in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment

This job posting is for an existing vacancy.

We're looking for our next Principal, IT & Cyber Governance, Risk and Control. Could It Be You?

The Principal, IT & Cyber Governance, Risk and Control is a senior, expert-level role in the IT & Cyber GRC team. The Principal has primary responsibility for managing Audit & Regulatory as well as Control Assurance activities, ensuring technology and cyber operations meet rigorous internal policies and external compliance standards, notably SOC 2, SOC 1, and other key frameworks, in addition to regulatory requirements (OSFI, CIRO, etc.).

The role involves driving strategic framework implementation and spearheading complex risk and control assessments. A critical component is serving as the primary liaison for all audit and attestation engagements, and providing IT & Cyber GRC counsel to high-priority technology projects to ensure security controls are effective and compliance is maintained by design. This position requires in-depth knowledge of technology, cybersecurity, emerging threats and evolving regulatory requirements to proactively manage technology and cyber risk.

In this role, responsibilities include but are not limited to:
- Lead the continuous monitoring and coordination of control-evidence collection and assurance, leveraging automation and innovative GRC solutions to streamline these processes, while also spearheading complex, high-impact control risk assessments and assurance reviews for critical existing IT & Cyber processes and all new strategic initiatives.
- Drive the strategic design, implementation, and rigorous testing of technology & cybersecurity controls in deep partnership with cross-functional teams to achieve and maintain compliance with target frameworks (e.g., SOC 2, SOC 1, OSFI B-13).
- Lead all regulatory compliance-related initiatives, including conducting formal gap assessments against control frameworks (e.g., SOC 1 & SOC 2 readiness, OSFI B-13, etc.) for new and existing policies and technologies.
- Manage and serve as the primary point of contact for all internal, external, and regulatory audit and attestation engagements, ensuring successful evidence submission and positive assurance outcomes.
- Take ownership of and execute complex, ad-hoc, high-priority activities that require immediate control implementation or assurance validation due to emerging threats or critical business needs.
- Maintain and actively apply a thorough, expert-level understanding of core GRC frameworks (SOC 2, ISO 27001, etc.) to strategically and effectively drive control implementation and assurance activities.
- Maintain expert subject matter knowledge and awareness of new and pending legislative, legal, and statutory changes as they translate into new or updated control requirements across GRC frameworks.
- Act as a trusted advisor in technology and cyber projects as well as working groups, providing expert GRC counsel on best practices and mandatory requirements during the entire product development and deployment lifecycle.

So are YOU our next Principal, IT & Cyber Governance, Risk and Control? You are if you have...
- 5 to 7 years of experience in Information Technology, Cyber Security, Internal Audit, Risk Management and/or Compliance in a financial institution.
- 3 to 5 years of hands-on information technology or security operations experience.
- One or a combination of CISA, CRISC, CISM, CGEIT or equivalent.
- Knowledge and experience working with data, security, compliance and privacy laws in the Canadian investment and banking industry.
- Experience writing or updating IT and Security procedures.
- Experience building key performance and risk indicator dashboards for different management levels.
- Experience with assessment and review of SOC 1 and SOC 2 reports.
- Knowledge of a broad set of industry best practices (COBIT, ITIL, NIST CSF, Cloud CSC, Agile SAFe, PCI-DSS, etc.).
- Exposure to financial industry business processes.
- Exposure to enterprise and operational risk principles and practices.
- Exposure to risk scenario analysis, risk quantification and loss event modeling.
- Experience using compliance automation tools.

Attributes
- Strong written, oral communication and interpersonal skills.
- Ability to communicate with individuals at all levels of the organization.
- Highly curious, self-motivated and directed.
- Proven Governance, Risk and Control knowledge.
- Strong attention to detail and proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Experience working independently and in a team-oriented, collaborative environment.
- Ability to conduct research and present insights succinctly.

Compensation Information
Base salary range: $115,000 - $135,000
The final compensation package will be commensurate with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.

Sounds like you? Click below to apply!

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Questrade Financial Group of Companies' Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review. Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.