Choose a workplace that empowers your impact.
Join a global workplace where employees thrive. One that embraces diversity of thought, expertise and passion. A place where you can personalize your employee journey to be — and deliver — your best.
We are a leading global real estate investor, developer and manager. We combine our capital with our capabilities to create real estate that strengthens economies and communities. By prioritizing people, partnerships and places, we generate meaningful returns for OMERS members, enhance value for our capital partners and create a brighter world for our customers.
Join us to accelerate your growth & development, prioritize wellness, build connections, and support the communities where we live and work.
Don’t just work anywhere — come build tomorrow together with us.
Know someone at OMERS or Oxford Properties? Great! If you're referred, have them submit your name through Workday first. Then, watch for a unique link in your email to apply.
The Manager, Technology Risk & Controls leads the Technology Risk and Cybersecurity Assurance function within Internal Controls at Oxford. Reporting to the Senior Manager, Internal Controls, this role is accountable for establishing and operating the technology risk and cybersecurity assurance framework across the organization.
Operating in a dynamic environment, the Manager leads a team of Senior Analysts and is responsible for navigating ambiguity, building structure, and driving outcomes. The role partners with Technology, Operations, and business leadership to embed a strong control environment and enable risk-informed decision-making.
As a trusted advisor, the Manager is accountable for identifying, assessing, and mitigating technology risks across systems, infrastructure, OT, and third-party services, including oversight of IT General Controls (ITGCs) supporting financial and operational reporting.
You will be responsible for:
Technology Risk & Cybersecurity Assurance
Lead the development, implementation, and continuous enhancement of the Operational Technology Cybersecurity Framework, including maturity assessments across assets, systems, and applications
Oversee technology risk identification, assessment, and mitigation
Ensure appropriate cybersecurity controls and ITGCs are designed and operating effectively across internal teams and managed service providers
Drive timely remediation of risks, audit findings, and control deficiencies
Risk Management and Reporting
Own and maintain the Technology Risk Register aligned with enterprise risk standards
Define and monitor KRIs to assess risk exposure and control effectiveness
Perform thematic analysis to identify emerging risks, trends, and systemic control gaps across the technology landscape
Deliver executive-level technology risk reporting and insights to senior leadership and Operational Risk
Support Business Impact Analysis (BIA) and Business Continuity Planning (BCP) activities
Governance, Policies and Frameworks
Develop and continuously improve technology risk policies, standards, and procedures
Ensure alignment with enterprise frameworks and leading practices (NIST, ISO, COBIT, CIS)
Embed risk management into technology operations, projects, and delivery processes
Stakeholder Management, Advisory, and Assurance
Serve as a trusted advisor to Technology, Operations, and business leaders, providing risk-based guidance and fostering a strong risk-aware culture.
Lead internal and external technology risk, cybersecurity, and ITGC audits, including stakeholder coordination, assurance requests, response management, and deliverable quality review.
Drive accountability for the timely remediation of audit findings, control deficiencies, and key technology risks.
Represent Service Assurance in governance forums, steering committees, and cross-functional initiatives, influencing risk-informed decision-making aligned with business objectives.
Conduct targeted reviews of systems, processes, and controls to assess risk exposure, control effectiveness, and improvement opportunities.
Training, Awareness and Continuous Improvement
Lead cybersecurity and technology risk awareness initiatives, developing guidance and training to strengthen risk management and control practices.
Monitor regulatory developments and industry trends, ensuring frameworks, processes, and tools remain aligned with leading practices.
Drive continuous improvement by enhancing risk management capabilities, promoting proactive risk identification, and fostering a strong risk-aware culture.
Leadership and People Management
Lead, mentor, and develop a high-performing team, fostering a collaborative, accountable culture while building capability in technology risk, cybersecurity, and assurance.
Set clear expectations, manage priorities, and provide direction in complex or ambiguous situations to ensure the timely delivery of high-quality outcomes.
Required Skills & Experience
Degree in Business, Technology, Risk Management, Cybersecurity, or a related field, with 5–7 years of experience in technology risk, cybersecurity, internal controls, audit, or regulatory compliance.
Strong knowledge of technology risk management, cybersecurity principles, IT General Controls (ITGCs), and industry frameworks including NIST, ISO, COBIT, and CIS.
Proven experience leading teams, driving accountability, supporting internal and external audits, and operating effectively in professional services or Big 4 environments.
Excellent analytical, communication, and stakeholder management skills, with the ability to identify risks and control gaps, influence decision-making, and translate complex issues into actionable insights.
Experience leveraging automation and AI to enhance risk management and assurance processes.
Highly organized, proactive, and adaptable, with the ability to manage multiple priorities in a fast-paced environment and advanced proficiency in Excel, PowerPoint, and Word.
Preferred Skills & Experience
Relevant certifications preferred (CISA, CRISC, CISSP, CISM)
Experience with Resolver or similar GRC platforms strongly preferred
We believe that time together in the office is important for OMERS and Oxford, the strength of our employees, and the work we do for our pension members. Our hybrid work guideline requires teams to come to the office a minimum of 4 days per week.
This posting is for an existing vacancy.The expected salary range for this position is $103,000.00 - $157,000.00 per year.
You may also be eligible to receive an annual Incentive Award pursuant to our Short-term Incentive plan and our Long-Term Incentive plan (if applicable), and to participate in our group benefits and retirement plans – details on these elements of compensation are included within OMERS & Oxford offer letters.
Oxford's purpose is to strengthen economies and communities through real estate.
Our people-first culture is at its best when our workforce reflects the communities where we live and work — and the customers we proudly serve.
From hire to retire, we are an equal opportunity employer committed to an inclusive, barrier-free recruitment and selection process that extends all the way through your employee experience. This sense of belonging and connection is cultivated up, down and across our global organization thanks to our vast network of Employee Resource Groups with executive leader sponsorship, our committee and employee recognition programs.
Artificial intelligence (AI) tools are used to support certain stages of the OMERS recruitment process. While AI assists us in our process, human judgment and decision-making remain central to our candidate experience.