Key skills
Cyber SecuritySDLCAIBIStakeholder Management
About this role
Role Overview
- Own and operate the enterprise findings and remediation program across all IT (intake, triage, assignment, due dates, status cadence, evidence validation, and closure)
- Establish and enforce a consistent remediation methodology (root cause analysis, corrective action design, milestones, risks/dependencies, and closure criteria)
- Lead cross-functional remediation governance (weekly/bi-weekly operating cadence), including escalations and executive-ready reporting
- Ensure remediation plans are realistic and control-effective (fix the control, not just the symptom) and coordinate validation readiness for re-testing
- Maintain a single, accurate view of compliance commitments and progress (52-109-related gaps, internal audit/external audit findings, self-assessment results, management action plans)
- Track and report key program metrics (aging, overdue, theme analysis, repeat findings, control failure trends) and propose targeted improvement initiatives
- Partner with IT control owners to improve operational discipline (ticket quality, evidence retention, SOP adherence) and reduce friction during audits
- Contribute to continuous improvement of standards, templates, and tooling to make remediation work repeatable and scalable (and reduce manual effort)
- Be a key element in our Automation and AI implementation plan.
Requirements
- University degree in information systems, business, cybersecurity, or any combination of equivalent education and experience
- Minimum 3 years of relevant experience in technology risk, audit remediation, IT compliance, or complex cross-functional program management
- Demonstrated experience managing audit or compliance findings and driving remediation to closure in an IT environment
- Solid understanding of IT processes and control concepts (access, change, operations, SDLC fundamentals) and familiarity with compliance frameworks/norms (e.g., 52-109; ISO 27001; familiarity with other industry norms such as SOX is an asset)
- Strong stakeholder management skills with the ability to challenge constructively and drive accountability across multiple IT teams
- Strong analytical skills and ability to synthesize complex status into clear, decision-ready reporting
- Highly organized, detail-oriented, and comfortable working with deadlines, ambiguity, and changing priorities
- For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
- No Canadian work experience required; however, must be eligible to work in Canada.
Tech Stack
- Cyber Security
- SDLC
Benefits
- Flexible work arrangements and a hybrid work model
- Possibility to purchase up to 5 extra days off per year
- Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
- Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
- Our pension offerings provide flexibility and long-term security for our employees beyond their careers.