Remediation Lead, IT Compliance

Job Title: Remediation Lead, IT Compliance
Position ID: J0120-0917
Job Type: Permanent Full Time
Division: IT/IS
Region: Ontario
Posting Language: E
Job Category: Information Technology
Number of Positions: 1
Closing Date: 31/03/2020

Keeping You Moving

RSA is one of the world’s leading multinational insurance groups with over 300 years of experience and over 20 million customers worldwide.

Our people are committed to building a dynamic internal culture where they love what they do and feel motivated to keep things moving – for customers, for their colleagues and as part of their own growth and development.

At RSA, employing positive people is how we achieve success. You will be working in an environment that encourages you to do great work, and you will constantly be faced with fresh challenges that have a direct impact on our business. We believe your personality and passion will keep RSA and our business moving forward.

At RSA we have a culture that supports and rewards high performance with a competitive reward policy for top performers. Our rewards package includes competitive compensation, work / life balance, opportunities to learn and the chance to make a difference working for a worldwide industry leader.

At RSA Canada, our purpose is to Make Life Better Together and we do that every day through our commitments to our people, our customers and our partners. We are committed to fostering an inclusive, fair, and accessible environment where every team member has the opportunity to reach their full potential and where everyone feels comfortable being their true selves. We hire on the basis of merit and we are committed to inclusive, barrier-free recruitment and selection processes, as well as equal access to training and promotion opportunities.

Position Overview:

The IT Remediation Lead will be responsible for:
• Aligning with business departments and application owners to coordinate testing schedules, allocate resources and communicate control testing results.
• Providing guidance to IT resources on how to meet control requirements, process expectations and expected outcomes via workshops, training sessions or by creating FAQs etc.
• Collaborating with IT teams (EA, Infrastructure, IS, Risk, etc.) as required to ensure that risks are identified and control deficiencies are communicated, logged, and prioritized for remediation.
• Reviewing and regularly assessing remediation progress to validate that remediation is feasible and has interim and major milestones, adequate control testing cycles, a sustainable approach, duration, etc.
• Leveraging knowledge of regulatory compliance to develop remediation strategies and approaches that drive closure of open remediation actions / plans.
• Identifying and recommending new technology solutions to support IT Compliance functions or mitigate risk related to third party vendors.
• Participating in the design, development and build out of a comprehensive end to end Third Party Risk Management (TPRM) Program.
• Working with RSA Procurement to build out the ServiceNow GRC platform which will support third party vendor assessments, reviews, vendor monitoring and recertification campaigns.
• Maintaining, tracking and reporting on Risk Acceptance (RA), Remediation Plans Agreed (RPA) and Compliance Deviation (CD) records in ServiceNow.
• Following up with business and IT contacts to ensure that remediation activities are on track for completion.
• Reporting status to executives and PMO resources for remediation work streams in flight.

Who you are

Your enthusiasm is infectious. You challenge the status quo. You find solutions to problems. You go the extra mile to exceed customers’ expectations. You get things done the right way. You represent our brand with passion and pride. You are a team player. You have fun and you make work fun for those working around you.

What you will achieve in this role

• Establish a working relationship with Group Head of Technology Risk to develop best practices, internal SLAs and frameworks to govern control testing activities and Key Risk Indicator (KRI) reporting.
• Champion RSA ITGC initiatives and foster a culture of security and compliance in the business.
• Develop a work stream to report control deficiencies, assign ownership and prioritize remediation initiatives using a risk based approach.
• Leverage RSA IT Security and networking tool sets to complement control testing activities.
• Act decisively and work with a high degree of autonomy.
• Utilize your strong interpersonal skills to raise awareness of the IT Compliance team within RSA and build strong relationships with business contacts, application owners, and executives.
• Prepare and conduct compliance awareness information sessions to communicate throughout the business and IT environment.
• Integrate the remediation work stream into the IT Compliance team that identifies IT risks and communicates control deficiencies.

What you bring to this role

• University degree or College diploma in computer science/studies or related discipline.
• 10+ years related experience.
• The ability to communicate effectively with Senior IT executives, propose solutions and obtain consensus from senior IT leadership.
• Experience in a managed service/outsourcing arrangement.
• The ability and willingness to work under pressure, with multiple projects simultaneously.
• The ability to communicate clearly with technical SMEs, business partners and stakeholders.
• The creativity, innovation and lateral thinking to address organizational issues and concerns.

A professional designation in IT Compliance or Information Security, such as Certified Information Systems Auditor (CISA) or Certified Information Security Professional (CISSP).

Other Information

Applicants agree that by providing personal information in response to this ad, and otherwise in any recruitment process with RSA or its affiliated companies (the “Company”) such personal information may be retained and used for a period of one (1) year from the date of this application, for the purpose of consideration for employment opportunities which may arise during that time period, unless an applicant notifies the Company to the contrary.

We thank all applicants. However, only those selected for an interview will be contacted.

We invite you to learn more about us at our Career Site, www.rsagroup.ca, where you can apply on line.

RSA group of Companies is strongly committed to diversity and welcomes applications from visible minority group members, women, Aboriginal persons, persons with disabilities, members of the LGBT community, and others who may contribute to the further diversification of ideas.

RSA group of Companies will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

If you have difficulty using our online application system and you need an accommodation due to a disability, please email AODA@RSAGROUP.CA or call us at toll free 1 (800)-855-0511. Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

Johnson is an equal opportunity employer. We thank all applicants for their interest. However, only those selected for an interview will be contacted.