Job Description
IT Risk Compliance & Resiliency Specialist (HYBRID)
About the job
About The Workplace Safety And Insurance Board (WSIB)
We’re here to help. When an injury or illness happens on the job, we move quickly to provide wage-loss benefits, medical coverage and support to help people get back to work. Funded by businesses, we also provide no-fault collective liability insurance and access to industry-specific health and safety information. We are one of the largest insurance organizations in North America covering over five million people in more than 300,000 workplaces across Ontario. For more information, visit wsib.ca.
At The WSIB, You’ll Have The Opportunity To:
- explore many career paths and follow your passion
- continuously learn and grow professionally
- be recognized for the great work you do
- participate in programs that support your health and wellbeing
Salary Grade: N07 From: $87,999.00 To: $109,999.00
Job Summary:
Reporting to the Manager, IT Risk and Governance, this role supports the Manager in ensuring WSIB’s consistent adaptation of the IT risk management framework and applicable risk management requirements, including: developing and implementing risk policy; developing and maintaining an IT risk register; monitoring and measuring compliance with IT policies; reporting on current risk posture and compliance; working with all areas of ITC to identify risks and remediation efforts; following up with ITC areas on remediation commitments; and liaising with Internal/External Audit to coordinate the response to any ITC audits, document and report on findings, and track remediation commitments. This role will also liaise with Internal Controls to lead, coordinate and provide evidence of documented controls for financially relevant systems.
The IT Risk, Compliance & Resiliency Specialist works with the Business Continuity Management Office (BCP) and leads the IT BC program. This role is also responsible for leading the ITC engagement in business continuity planning (EMBC) for the organization. This role will report findings to the Executive level, including the Executive Committee, AFC, etc.; support the preparation and delivery of executive-level reporting on risks, audit findings, remediation commitments and overall risk status; and liaise with the Enterprise Risk Management branch to align the IT risk framework with the overall Enterprise Risk Framework.
Support the development, implementation and administration of enterprise-wide risk management programs relating to operating, financial, procurement, contract and technology risks as they relate to the IT Cluster.
Major Responsibilities:
- Develop, maintain and report on the IT Risk register to ensure that all IT risks are documented, have an identified owner and have documented remediation options.
- Work with the Business Continuity Management Office (BCP) and lead the IT BC program, including leading the ITC engagement in business continuity planning (EMBC) for the organization.
- Provide governance reporting/memos to Executive Committee, Governance committee, BOD etc.
- Develop and track sets of key risk indicators to monitor trends in the organization’s risk profile;
- Assist in the mitigation of IT risks and identify new ways to further enhance risk mitigation.
Risk & Compliance Focus:
- Coordinate internal control for financial reporting reviews and audits, including:
  - Coordinate the ITC engagement and response to all control review requests
  - Coordinate the production of evidence to support the control objectives
  - Engage the appropriate ITC area to document the control and provide evidence
  - Coordinate the remediation by ITC of any gaps related to the controls
- Coordinate all internal audits of ITC areas and document all findings in the risk register;
- Contribute to the identification and monitoring of gaps related to compliance controls and identify emerging risks
Act as the central point of contact for IT for all business and external stakeholders as it pertains to the resiliency program as well as internal control reviews.
Work with and support the EMBC Branch and the Corporate Risk Management Services (CRMS) division through:
- Maintaining/assisting in systematizing relevant IT resiliency and risk information, assisting in tracking key IT risk indicators to monitor trends in organization’s risk profile to supplement and be utilized in the Quarterly Enterprise Risk Management Report that is distributed to Executive Committee and Board of Directors.
- Work with the EMBC team on developing corresponding Disaster Recovery Plans to be in alignment with Business Continuity Plans
- Act as the main IT cluster point of contact in the development of confidential and/or sensitive organizational strategies and initiatives (e.g. HPSDS planning, etc.)
- Participation in confidential and/or sensitive scenario specific planning (i.e. ongoing labour disruption planning, pandemic response, etc.)
- Attending Business Continuity Planning Committee meetings, which may contain sensitive and/or confidential information.
- Presenting information to ITRM management team for consideration
- Provide DR planning oversight and governance
- IT disaster recovery/resiliency plan testing and reporting
- Provide monthly and quarterly reporting to management and relevant ITC and WSIB stakeholders.
- Prepare monthly report for manager to demonstrate at a minimum current risk posture, number of outstanding risks, number of new risks and number of closed risks;
- Aid in developing a dashboard for ITC senior management to provide risk information by cluster or business area;
- Prepare quarterly reports for business stakeholders including Internal Audit, Enterprise Risk Management, Internal Controls
- Implementation of the IT risk management framework and applicable risk management requirements.
- Provide support to maintain and communicate the IT Risk Management Framework ensuring alignment to the Enterprise Risk Management Framework including developing risk policies and standards, aligning and reviewing compliance to IT policies;
- Identify stakeholders that require information to make decisions and report on IT risks;
- Facilitate IT risk management training within ITC and across business areas
- Maintain effective communication linkages and relationships with both IT and business areas to discuss and resolve issues, and exchange information and provide guidance on IT risks.
- Liaise with IT and business areas to ensure that risk monitoring, management and reporting of key risk exposures are appropriately reported, documented and accepted;
- Assist IT areas to manage their risks by applying the IT Risk Policy and demonstrate the value of compliance to the policy;
- Advise business areas on technical elements of risk management, which involves risk identification, assessment, mitigation planning, monitoring, triggers/responses, evaluation and reporting
Education requirements:
- Undergraduate degree in IT, Business, Finance or Economics, or equivalent education and experience
- Master’s degree (Master of Disaster and Emergency Management, Information Technology or Master of Business Administration)
- Completion of CRISC, CRM, CISM or CISA or equivalent
- Associate Member Business Continuity Institute (AMBCI) or equivalent (BCP/DR)
- Certified Business Continuity Professional (CBCP)
Experience:
- 3 years in IT Risk Management or IT Audit
- Experience implementing or managing an IT Risk Management Framework and Policy
- Sound and practical knowledge of IT risk management
- 5 to 7 years in IT Risk Management or IT Audit
- Experience implementing or managing an IT Risk Management Framework and Policy and a GRC tool.
- Sound and practical knowledge of IT risk management
We respect and value the diversity of our people. We strive to create an environment where employees can be themselves and where our differences are celebrated.
The WSIB is committed to being accessible and inclusive, and following barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require accommodation through any stage of the recruitment process, please let us know when we contact you and we will work with you to meet your needs.
Disclosing conflicts of interest
As public servants, employees at the WSIB have a responsibility to act in an ethical way at all times to create a respectful workplace and maintain public trust. Job applicants are required to disclose any circumstance that could result in a real, potential or perceived conflict of interest. A conflict of interest is any situation where your private interests may impair or be perceived to impair the decisions you make in your official capacity. This may include: political activity, directorship, other outside employment and certain personal relationships (e.g. with current WSIB employees, customers and/or stakeholders). If you have any questions about conflict of interest obligations and/or how to make a disclosure, please contact the Talent Acquisition Centre at talentacquisitioncentre@wsib.on.ca.
Privacy information
We collect personal information from your resume, application, cover letter and references under the authority of the Workplace Safety and Insurance Act, 1997. The Talent Acquisition Centre and WSIB hiring parties will use this information to assess/validate your qualifications, determine if you meet the requirements of vacant positions and/or gather information relevant for recruitment purposes. If you have questions or concerns regarding the collection and use of your personal information, please contact the WSIB’s Privacy Office at privacy_office@wsib.on.ca. The Privacy Office cannot provide information about the status of your application.
As a precondition of employment, the WSIB requires that prospective candidates undergo a criminal records name check any time before or after they are hired.