Sr. IT Risk & Compliance Analyst (Disaster Recovery)
City : Toronto, Ontario, Canada
Category : Full time
Industry : Public Services/Utilities
Employer : Healthcare of Ontario Pension Plan (HOOPP)
Why you’ll love working here:
- high-performance, people-focused culture
- our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves
- learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth
- membership in HOOPP’s world-class defined benefit pension plan, which can serve as an important part of your retirement security
- competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, and newly extended maternity/parental leave top-up of 26 weeks)
- optional post-retirement health and dental benefits subsidized at 50%
- yoga classes, meditation workshops, nutritional consultations, and wellness seminars
- access to an annual wellness reimbursement program for health and wellness-related expenses for permanent and temporary employees
- the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers
The Sr. IT Risk and Compliance Analyst (Disaster Recovery) plays an integral role within the IT Governance, Risk and Compliance (GRC) scrum team in HOOPP’s IT Operational Resilience team, which is part of the IT Security, Risk and Governance group (“SRG”). SRG is one of four groups within the Information Technology (“IT”) Division of HOOPP.
This role exists within a collaborative, cross-functional team of IT GRC professionals who report to the Director, IT Operational Resilience.
The Sr. IT Risk and Compliance Analyst (Disaster Recovery) is a champion of IT risk management and compliance in the organization. This role requires an adaptive, inventive and accountable member of the IT GRC scrum team working in partnership with the Product Owner, Technology GRC.
A primary goal of this role is to provide exceptional IT risk management support, advice, and facilitation to optimize HOOPP’s IT risk management processes, and to foster, advocate for, and strengthen HOOPP’s IT risk culture.
The key responsibilities of the Sr. IT Risk & Compliance Analyst include participating in and leading activities for the cyclical Disaster Recovery program, providing guidance and facilitating remediation activities, providing expert advice to stakeholders on IT risk matters, leading the monitoring and co-ordination of risk-related activities, promoting risk awareness, and refining the IT risk program. The Sr. IT Risk & Compliance Analyst will be an active participant in all IT GRC scrum ceremonies, taking accountability for work they commit to and ensuring team goals (Strategic OKRs and KTLO goals) are achieved.
This role requires both knowledge and leadership skills to understand HOOPP’s business and IT needs for effective risk management, collaborating with various stakeholders including IT, audit, and business teams to maintain and strengthen the value proposition of IT GRC across the organization.
What you will do:
- Maintain IT GRC program documentation including policies, standards, procedures, and guidelines in support of HOOPP's GRC practices and assist in developing further documentation.
- Lead and manage collaboration with internal teams to understand their business processes, how they manage risks, and respond / advise on their compliance needs and concerns.
- Lead and manage the performance of gap assessments for new and existing policies and standards and carry primary responsibility for any other compliance related initiatives that may arise.
- Be a recognized expert across HOOPP and promote risk awareness and culture through education, training, and advocacy interactions with all levels of leadership.
- Develop controls and mitigation plans and help drive their implementation, by communicating complex technology risk and controls concepts to stakeholders in IT and across HOOPP business teams.
- Participate in coordinating and supporting IT divisions in Internal Audits.
- Provide regular status updates ensuring stakeholders are aware of progress and roadblocks.
- Lead others in using analytical tools and solving complex problems related to the development of HOOPP's IT compliance program and validating compliance with applicable internal controls and policies.
- Maintain a thorough understanding of technology and GRC practices to assist with IT risk management in a rapidly changing IT environment.
What you bring:
- Over 5 years of experience in IT Risk & Compliance, IT Audit, and IT Governance with experience in Disaster Recovery programs
- Bachelor's degree in Business, Computer Science, Information Systems, Engineering, or equivalent experience
- In-depth and broad experience with control and risk frameworks, performing compliance and risk assessments, designing controls, and overseeing mitigation projects
- Experience in developing and reporting performance and risk metrics, such as KPIs, KRIs, SLAs, OKR reporting and dashboards for executive leadership teams
- Understanding of risk methodologies, frameworks, and practices (ISO standards, COBIT, CIS, COSO, NIST, etc.)
- Experience working in an agile environment (software development, infrastructure, and shared services) is an asset
- Strong verbal and written communication skills, especially communicating across all levels and cross functional teams
- Knowledge of public cloud infrastructure (Azure and Amazon Web Services) is an asset
- Experience with ServiceNow GRC platform is an asset
- Industry certifications such as CRISC, CISA, CIA, CGEIT, CISSP, CPA/CA, etc., or equivalent experience
- Strong attention to detail
- Independent and results oriented
- Agile mindset
- Collaborative, independent, and forward thinking
- Pays attention to detail
- A team player with excellent interpersonal skills (loyal, empathetic, caring)
- Have sound judgement. Ability to balance ‘efficiency in delivery’ vs. ‘standards/processes’
- A confident decision-maker
- Able to influence in a matrix
- A strong communicator (both written and oral)
- Have superior analytical and issue resolution skills
- A high level of initiative and professionalism
- A willingness to multi-task and be flexible to take on varied responsibilities
- Takes ownership of tasks and drives initiatives through to completion
- Calm and patient under pressure. Thrive in a changing, dynamic environment
- Able to see the big picture while paying attention to important details