Risk Analyst, IT Risk & Compliance

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

The Risk Analyst, IT Risk & Compliance will have accountability to support data quality, risk reporting, identification, assessment, and mitigation of IT risks across the Technology Solutions business group. The role will report to the Director, IT Risk Management within a larger team that provides Governance, Risk and Compliance services to Enterprise Services globally. 

Preferred skills

• Good understanding of supplier risk, records management, business continuity, privacy and information management
• Strong verbal and written communications skills - must have the ability effectively present
• Strong consulting and relationship management skills recommendations
• Strong aptitude towards process development and documentation
• Strong client service orientation
• Excellent interpersonal skills
• Extensive knowledge of IT risk management, cybersecurity principles, and compliance standards.
• Experience in crisis management and incident response.
• Familiarity with risk management frameworks such as NIST, ISO 27001, COBIT, and ITIL.
• Experience with insurance, banking, or other financial services environments is preferred.
• Experience with ServiceNow and RSA Archer is an asset
• Excellent communication and interpersonal skills, with the ability to communicate complex technical concepts to non-technical stakeholders.
• Strong analytical, problem-solving, and decision-making skills.

Qualifications

• University degree in business, computer science, or general IT\Cyber security related.
• 3-5 years of experience in reporting and data analysis.
• 3-5 years experience in risk and supplier management.
• Strong background in IT security, governance, compliance, and risk management frameworks.
• Advanced Excel skills (macros, V-lookup & Pivot tables)
• Professional certifications such as CISSP, CISM, CRISC, or other relevant certifications are assets.

Responsibilities

• Reporting and Governance 

• Risk Control Self Assessments (RCSA): Assist with the identification, evaluation, and assessment of information technology risks through RCSA process.  Monitor and report on status of any mitigating action plans.
• Key Risk Indicators (KRI): Working alongside program lead on developing monthly/ quarterly reporting and ensuring KRIs are updated, monitored, and reported on. 
• Support the development and maintenance of organizational reporting, particularly as it pertains to supplier risk.
• Stakeholder Communication:  Contribute to the quarterly risk committee report for executive team.  Report regularly to senior leadership and other stakeholders on the current state of IT risks, mitigation efforts, and any new threats or vulnerabilities as needed.   
• Collaboration: Work closely with second-line risk teams to ensure a comprehensive view of IT risks across the enterprise.
• Operational Risk Events (ORE): Working alongside program lead to ensure that operational risk events are reported, tracked, actioned, and closed. 

• Technology

• Day to day management of the Governance, Risk, and Compliance tool used to support controls, waivers, and accepted risks. Ensure that the Corporate Risk systems are updated with relevant RCSA, ORE, and KRI data.
• Create, maintain and recommend automation tools to enable risk, control and process information to support risk management processes.

• Business Partner Relationship Management

• Assist in facilitating supplier risk processes (e.g. risk reviews, continuous improvement, etc.)
• Provide guidance internally on the requirements of various risk programs.
• Provide guidance and support for all organizational supplier governance, risk, and management requirements.

Notes: As a condition of the role, the successful candidate must obtain a Government of Canada Reliability Status security clearance through Sun Life.

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.  

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our Clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process, or those needing job postings in an alternative format, may e-mail a request to [email protected].

We are proud to be a hybrid organization that offers our employees the choice and flexibility to work from both the office and virtually based on the needs of the business, our Clients and you! Several work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Salary Range:

Job Category:

Posting End Date: