Lead and support the implementation, optimization, and ongoing management of ServiceNow IRM, ensuring alignment with GRC processes, regulatory expectations, and segment needs.
Align and evolve information security policies and standards with industry frameworks (ISO 27001/2, COBIT, NIST) and regulatory requirements.
Partner with Canada, Europe, and the US to harmonize governance practices and support consistent adoption of policies, standards, and controls.
Provide governance expertise and risk‑based guidance to senior leaders, balancing business needs with security considerations to support informed decision‑making.
Drive change management, communication, training, and stakeholder engagement to support adoption of GRC practices and process workflows.
Prepare and deliver governance updates, executive presentations, and risk insights for senior leadership and oversight committees.
Use ServiceNow IRM to aggregate and interpret enterprise outcome data, including risks, issues, controls, remediation updates, and Key Risk Indicators (KRIs), for Lifeco‑level dashboards, metrics, and reporting.
Aggregate and analyze segment‑level risk assessment outputs (technology, cyber, operational, regulatory, emerging) to support consolidated oversight.
Support regulatory engagements (e.g., OSFI), including preparing responses, evidence, and submissions.
Identify opportunities to streamline and automate GRC processes, reporting, and workflows across segments.
Contribute to broader information security and technology risk governance activities, including Risk Taxonomy Engineering, Emerging Technology Risk Management, Third Party Risk Assessments, Frameworks and Policy Management, Cybersecurity Maturity, etc.
Requirements
7–12 years of experience in Information Security, Technology Risk, or GRC roles within large complex organizations.
Degree or diploma in Information Technology and/or Business, or a combination of relevant field experience and certifications (CISSP, CGRC, CISA, CISM, CRISC, CGEIT).
Experience supporting or implementing ServiceNow IRM.
Experience designing, building, integrating, and maintaining technology products, automation, and data structures that enable an organization's GRC processes.
Strong knowledge of frameworks (NIST CSF, ISO 27001, COBIT, CIS Controls) and regulatory expectations (OSFI B‑10, DORA, SOC 2, GDPR).
Skilled at articulating technical risks in business language and influencing stakeholders across regions, lines of defence, and leadership levels.
Excellent collaboration skills across global teams and multi‑segment environments.