Company Description: At Nöord Technologies, we empower top-tier financial institutions with exceptional talent in banking and capital markets. We are currently seeking, on behalf of one of our clients, a high-caliber IT Operational Risk Representative (ORR).
Position Overview: The IT Operational Risk Representative (ORR) role encompasses the management of IT permanent control and IT risk reporting.
As an IT Permanent Control Senior Officer, the ORR operates as a first-line control champion embedded within IT Operations, serving as the operational bridge between technical teams and control frameworks. This role focuses on the practical implementation, coordination, and operationalization of IT controls directly within day-to-day technology operations—ensuring controls are not imposed externally but built collaboratively with IT teams as integral components of operational excellence. This position partners with IT operational teams to design pragmatic controls, facilitate their adoption, coordinate evidence collection, and maintain ongoing control health through continuous dialogue and operational support.
As an IT Risk Representative, the ORR serves as the operational liaison between IT teams, the IT Risk Officer (ITRO), and second-line functions, translating operational realities into risk indicators.
Key Responsibilities:
IT Permanent Control
Operational Control Coordination & Implementation: Collaborate directly with IT infrastructure, application, security, and platform teams to translate control requirements into practical, executable operational procedures.
Co-design control activities with technical teams, ensuring controls align with existing workflows and operational realities rather than creating parallel bureaucratic processes.
Facilitate control implementation workshops with system administrators, engineers, and technical leads to build shared understanding and ownership of control objectives.
Control Explanation & Enablement: Translate complex regulatory and compliance requirements (SOX, ISO 27001, NIST) into clear, actionable guidance that IT operational teams can understand and implement.
Conduct regular enablement sessions with technical staff to explain the "why" behind controls, building control awareness and fostering a culture of operational accountability.
Develop practical control guidance documents, playbooks, and job aids tailored to specific IT operational contexts (infrastructure, cloud, applications, databases).
Evidence Coordination & Control Health Monitoring: Coordinate evidence collection processes with IT operational teams, ensuring documentation requirements are clear, reasonable, and integrated into existing operational workflows.
Maintain operational control repositories and documentation, working with technical teams to ensure evidence is complete, accurate, and readily accessible within the internal repository (COSMOS).
Monitor control execution status in real time, proactively identifying operational blockers and working with teams to resolve issues before they become control gaps.
Perform Test of Design (ToD) and Test of Effectiveness (ToE) campaigns.
Report the status of the Control Plan to the Monthly IPC Governance and IT Steering Committee.
Continuous Improvement & Operational Optimization: Identify opportunities to streamline control processes based on direct operational feedback, proposing automation, simplification, or consolidation where appropriate.
Champion control efficiency initiatives that reduce operational burden while maintaining control effectiveness.
Facilitate lessons-learned sessions with IT teams following control cycles, capturing operational insights to improve future control design and execution.
Identify gaps in the GIT RCSA (Risk Control Self Assessment) and update the RCSA whenever required.
Operational Risk Representative
Administer and coordinate risk reporting with the IT Risk Officer (ITRO) and the 2nd line of defense (KRIs, losses/incidents, changes in market or regulatory rules, recommendations from IGE or regulators).
Liaise with Head Office and communicate updates to any relevant party.
Common Values:
Ensure compliance with the Bank's policies and procedures, as well as regulatory requirements.
Ensure accuracy and expediency of any activity related to audits.
Ensure adherence to LEAN Management processes implemented in NY & Montreal.
Promote GIT’s values and visions of "1 Team" across all functions and geographical locations.
Requirements
Qualifications & Technical Skills:
Education: Minimum Bachelor's degree in a related field.
IT Environment: Strong understanding of IT operational environments: infrastructure, databases, application architectures, and DevOps practices.
Frameworks & Controls: Working knowledge of IT control frameworks: ITGC, SOX IT controls, ISO 27001, NIST CSF, COBIT.
Operational Processes: Familiarity with IT operational processes: change management, patch management, incident response, vulnerability management, backup/recovery.
Tools & GRC: Understanding of control automation tools and GRC platforms (ServiceNow GRC, AuditBoard, or similar).
Software & Systems: MS Office, Advanced Excel, Visual Basic, Jira.
Certifications: Preferred certifications: ITIL, CompTIA Security+, CISA, CRISC, ISO 27001 Lead Implementer.
Languages: Fluent in English.
Behavioral Competencies:
Operational Mindset: Ability to think like an IT operator and design controls that fit operational realities.
Collaborative Influence: Builds trust and credibility with technical teams through partnership rather than enforcement.
Practical Problem-Solving: Finds pragmatic solutions that balance control effectiveness with operational efficiency.
Clear Communication: Translates complex compliance language into plain operational guidance.
Adaptability: Comfortable working in fast-paced technical environments with evolving priorities.
Required Experience:
Overall: 10-15 years of total professional experience.
5-7 years in IT operations, infrastructure, or technical roles with hands-on experience in system administration, application support, or similar technical domains.
5+ years working with IT controls, compliance frameworks, or operational risk management in a first-line or embedded capacity.
Demonstrated experience coordinating cross-functional operational initiatives and building collaborative relationships with technical teams.
Experience translating compliance requirements into operational procedures and facilitating adoption across technical teams.