The incumbent is responsible for leading the IT Risk and Compliance services for IT within Aviva Canada. The incumbent will direct the design, development, and implementation of Governance and Compliance testing policies and procedures related to the control environment and lead the overall management of Risk solutions and resources in IT. S/he will actively contribute to the strategic planning process in these areas of responsibility.
S/he is accountable for providing direction to Risk and Compliance professionals and IT functional leaders on risk activity and priority, budget allocation, and risk & compliance metrics within IT, and for reporting to various stakeholders including Senior Management (both IT and Aviva) and, as required, the Risk Committee of the Board of Directors.
S/he is accountable for developing and maintaining IT's Compliance Methodology, Governance and Risk advisory services, and for evaluating and establishing compliance techniques and standards, with considerable focus on Integrated Assurance, Sarbanes-Oxley (SOX), Solvency II, the UK-based Financial Reporting Control Framework (FRCF and non-FRCF), the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Control Objectives for Information and Related Technology (CobiT) best-practice framework. S/he must ensure that all areas of Governance, Risk and Compliance relating to IT initiatives and activities are addressed and that their needs are met.
S/he must build and maintain relationships within IT, Internal Audit, Risk Management, Privacy and Compliance, Finance and Operational Business Unit management.
- Provide leadership to senior executives and management on all IT, Business Protection and Procurement controls and related risk matters.
- Provide thought leadership at a strategic level for Aviva in major risk transformation initiatives, and formalize a centralized strategy for embedding IT risk management across the organization.
- Develop a consistent approach to IT, Business Protection and Procurement risk mitigation that leverages Group best-practice methodologies, principles and tools.
- Create the overall governance, methodologies, approach/standards and tools required to support the strategy, working with risk leaders across Canada and the UK.
- Identify risk owners and risk action plans for IT standards, and coach IT and business staff on their roles and responsibilities in initiating and supporting effective controls and monitoring their effectiveness.
- Define risk tolerance levels with the GI CIO.
- Design and develop risk acceptance documentation and certification sign-offs.
- Establish risk and compliance control levels against IT standards and monitor their effectiveness.
- Support Corporate Program and Project Managers in risk mapping and design.
- Provide necessary recommendations to senior management.
- Liaise with IT leaders, Corporate Risk, FRCF and Group IT Risk professionals to ensure that controls mature and evolve in line with risk tolerance.
Governance and Resourcing
- Provide leadership for strategic Governance, Risk and Compliance functions within IT. Provide leadership and problem resolution both internally and externally with IT Management, Internal & External Auditors and external regulatory bodies. Ensure that all FRCF and Non-FRCF efforts for GI are properly resourced and that all activities are completed within a framework of controls. Ensure that all aspects of FRCF are addressed so that the control environment within IT is robust and functioning.
- Provide guidance, leadership and research support, as appropriate, to the IT Leadership Team, the GI Senior Management Team, large corporate projects (Corporate Projects Office) and the day-to-day operations of IT and of business units working with IT.
Management of Work
- Manage stakeholders and expectations at all levels by building partnership relationships with leadership in Group, Executive Management, IT, Internal Audit, business unit management and External Audit.
- Ensure that processes and services are controlled and managed so that all work products comply with audit and control regimens. Maintain knowledge of key IT control frameworks such as Control Objectives for Information and Related Technology (CobiT), the Information Technology Infrastructure Library (ITIL) and Capability Maturity Models (CMM). Address tactical and strategic changes and ensure that processes and services reflect business/IT changes. Responsible for developing the Compliance Framework and other methodologies used by the entire IT group.
- Forecast and manage the budget for the team and forecast resource requirements, address shortfalls, communicate issues and be fiscally responsible.
- University Degree
- One or more of the following professional designations: Chartered Accountant (CA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP)
10+ years of professional experience in the following areas:
- Compliance – Managing IT compliance activities (controls testing using multiple frameworks such as CobiT, COSO, ITIL, Sarbanes-Oxley and PIPEDA); supporting control owners and engaging with IT Senior Management and Corporate Executives, Information Security, Procurement, the Enterprise Project Office and Internal Audit.
- Risk – Risk assessments (objectives, risks, controls, action plans) of projects, project teams and IT processes. Support corporate/enterprise-wide risk initiatives.
- Audit – Working with Internal and External Audit, assisting with information requests, validating findings with control owners and providing input into management remediation plans. Management and reporting of open audit issues.
- Consulting – Advising Senior Management, Corporate Executives and operational teams on Governance, Risk and Control activities. Influencing and recommending solutions and actions for executive decision in an environment of considerable change, where that change will impact the future profitability of the organization through a stronger control environment, better and more efficient processes, and reduced regulatory and compliance risk.
Must have experience in:
- Competency in risk management and communication
- Awareness of risk and compliance trends in the marketplace
- Ability to provide controls guidance across functional areas such as infrastructure processes (ITIL), IT operations, architecture, technology solution design, testing and deployment management
- Ability to provide guidance across other technology specializations such as network, security, hardware, software, and databases
- Highly developed skills in negotiating with auditors and in vendor management
- Knowledge of IT technologies and of the operations and finance organizations
Aviva Canada is committed to providing accommodations for people with disabilities during all phases of the hiring process including the application process. If you require an accommodation because of a disability, we will work with you to meet your needs. Applicants need to make their needs known in advance. If you are selected for an interview and require an accommodation, you are encouraged to advise the Talent Acquisition Partner who will consult with you to determine an appropriate accommodation.