Job Specifications
Join our Global Technology Governance & Control team!
Governance & Control (G&C) is the first line of defence in our organization, focused on managing and mitigating risk. We partner with leadership to develop risk culture, define strategy, and deliver the tools, insights, and expertise needed to make confident, risk-aware decisions. Our work supports the broader Technology and Enterprise strategies — and we’re transforming!
Position Responsibilities
Collaborating with our AVP, you’ll be at the center of crafting how we manage risk throughout the Global Technology area. You will set the vision and lead the design of risk assessment strategies across the teams. Your role is pivotal in driving innovation, efficiency, organizational resilience, regulatory compliance, and cybersecurity maturity. Your work will be dynamic, strategic, and future-focused.
Here’s a Snapshot Of Your Impact
Automation‑First Governance Strategy
Lead the vision and execution of automation‑enabled digital security and information systems governance. Build and modernize frameworks that embed AI, analytics, and workflow automation into risk evaluation and management, control oversight, and regulatory compliance activities — while ensuring alignment with global regulatory requirements and common industry practice (e.g., NIST, ISO 27001, GDPR, PCI DSS, SOX, OSFI, SEC, FINRA, DORA, NYDFS, CPRA, FFIEC).
Advisor on Control Automation & Intelligent Risk Detection
Serve as the senior advisor on opportunities to digitize, instrument, and automate technology and cybersecurity controls. Provide expert guidance on emerging technologies, continuous control monitoring, predictive risk signals, and automated issue detection.
Technology-Based Risk Assessment & Process Modernization
Identify, evaluate, and deploy AI and automation capabilities to streamline and enhance risk identification, assessment, testing, and reporting. Champion the shift from manual, point‑in‑time processes to automated, real‑time, data‑based oversight.
Regulatory Intelligence with Automated Impact Analysis
Monitor global regulatory developments and lead the automation of regulatory mapping, impact assessments, and control‑to‑regulation traceability. Translate complex, evolving requirements across North America, EU, UK, and Asia-Pacific into digital action plans and automated compliance workflows.
Digital Compliance Program Management
Lead all aspects of compliance programs, focusing on automation. This includes digitized evidence collection, automated audit preparation, and software-generated reporting for regulators, committees, and boards. Reduce manual burden through scalable, repeatable technology solutions.
Risk Taxonomy & Methodology Modernization
Own the evolution of risk and control methodologies, embedding automation, standardization, and data-driven scoring. Ensure consistent global application and enable system-enforced governance across teams and regions.
Lead Communities of Practice
Establish and guide communities that promote risk management guidelines across the Technology Function. Develop training, publish reusable patterns, and track adoption and performance improvements.
Automated Reporting & Insights
Drive the development of automated dashboards, scorecards, and trend analyses for individual risk programs. Deliver real-time insights that improve decision-making, highlight emerging risks, and track compliance posture with minimal manual intervention.
A Global Automation Ambassador
Represent the function in global forums, leadership meetings, conferences, and strategic workgroups. Advocate for technology-enabled governance, share insights on digital risk trends, and influence global strategy.
Keep Us On Track
Contribute to weekly and monthly reporting — scorecards, dashboards, trackers, summaries.
Required Qualifications
A tech-forward and regulation-savvy leader proficient in automation.
Ability to modernize global technology risk and compliance programs with machine intelligence, data insights, and digital workflows.
Influence senior leadership and lead large-scale organizational change.
10+ years of progressive experience in technology risk, cybersecurity, information security, operational risk, business resiliency, or audit within large global enterprises.
Strong academic and professional foundation, including relevant degrees (Computer Science, Information Security, Business, etc.) and certifications such as CISSP, CISM, CRISC, or CPA.
Expertise in risk and control frameworks, including hands‑on use of GRC platforms (Archer preferred), solid command of control standards, and depth in risk assessment, control testing, scoring methodologies, and taxonomy modernization.
Advanced automation and AI capability, including workflow tools, RPA, orchestration, control digitization, and the deployment of AI/ML for continuous monitoring, predictive analytics, automated reporting, and real‑time oversight.
Proven leadership d