Reporting to the Senior Vice President, Global Chief Information Security Officer (CISO), the Vice President (VP), Head of Technology Risk Governance & Control (TRGC) owns the implementation and adoption of the Technology Risk and Control framework across Lifeco and its operating companies (OpCo’s). The VP will advocate for technology and cyber risk initiatives that accelerate and scale execution according to the organization’s investment appetite and risk tolerance. The VP will facilitate a multi-year program that supports the execution of the maturity and risk control statement (RCS) targets for the organization. The VP is responsible for developing and contributing to the aggregated view of the organization’s overall technology risk posture, and working with senior leadership to sponsor relevant policies, standards, and controls that best reflect the risk appetite of the organization.

As a first line of defense function, you will have responsibility to collaborate with senior leadership across Lifeco’s operating companies including but not limited to the regional Chief Information Officers (CIOs), Chief Risk Officers (CROs) and Head of Operational Risk.

What You’ll Do

• Develop an integrated and collaborative view with the business and technology leadership on the technology risk and information security control environment.
• Build and implement a global governance structure for technology risk and information security in collaboration with appropriate Lifeco committees and stakeholder groups
• Work with business leaders across Lifeco and the OpCo’s to address and resolve technology compliance and control failures.
• Ensure technology risk control framework monitoring and testing is performed at the required level of quality, and that reporting is global, consistent, and efficient.
• Encourage a high-performance and collaborative culture within the team, and across the technology risk professional family.
• Proactively work with internal colleagues and external stakeholders to influence acceptance of new concepts, practices or approaches.
• Develop and implement sound multiyear roadmaps and annual tactical plans.
• Responsible for financial management of annual operating and initiative expenses.
• Foster an environment that encourages new approaches, challenges the status quo, and inspires creativity.

What You’ll Bring

• 10+ years’ experience as a technology leader managing an operating company’s risk profile
• 10+ years’ experience leading international technology and cyber risk transformation programs
• 10+ years’ experience leading multicultural teams in financial services organizations
• 7+ years’ experience leading Information Technology (IT) governance, risk, and compliance (GRC) program
• Bachelor of Computer Science, Bachelor of Business Administration or related field(s)
• Master’s Degree in risk management or cybersecurity management is preferred
• Experience in financial services, and preferably in insurance working in a regulated environment
• Experience building and working in matrix and complex organizations with demonstrated ability to influence teams where resources do not all report directly into the function.
• Skilled leader with exceptional communication abilities, collaboration and relationship building skills establishing credibility and fostering cross-functional relationships.
• Strong verbal and written communication skills and interpersonal skills needed to effectively build relationships and communicate with Executives, internals stakeholders, and customers.
• Expert level of customer centric outward thinking skills, and continuous improvement mindset.
• Transformational leader with experience in driving significant change and modernization agenda.
• Proven Strategic thinking skills, with a long-term outlook and the ability to drive results to improve business unit performance and create a culture of accountability.
• Have a strong appreciation for the complex and ever-changing regulatory environment and the need to be ahead of regulations.
• Ability to attract, motivate and develop talent to build the right team to meet strategic direction and tomorrow’s needs.
• Expert level of technology, systems expertise, and project management experience.
• Ability to use knowledge of industry, business and systems to solve business problems and maximize business performance.
• Operational risk expertise related to working in complex shared environments.
• Knowledge of Cyber and Technology Risk Governance and Control standards (i.e., Certified in Risk and Information Systems Control (CRISC), Control Objectives for Information Technologies (COBIT), International Organization of Standardization (ISO) 31000, and/or National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), Information Technology Infrastructure Library (ITIL), Management of Risk (MoR), etc.)
• Certifications in ITIL, COBIT, CRISC (required).
• CISSP, CISA, CISM, SANS SIAC (preferred).
• Proven track record and knowledge of technology and cyber risk frameworks as they apply to technology in large corporations