Role Overview
The Manager, Technology Resilience and Compliance, is responsible for establishing the governance and continuous improvement of Technology Resilience, 1B Compliance, and Disaster Recovery (DR) practices within Infrastructure and Operations (I&O). This role will lead the organization's transition from a DR mindset to a comprehensive technology resilience mindset. The Manager ensures that all DR activities align with the IT Service Continuity Management (ITSCM) Standard and that compliance with OSFI guidelines (B-10, B-13, and E-21) is maintained. The Manager will lead efforts to assess and enhance the resiliency of critical systems, manage and track identified compliance gaps, and drive the transition to a more resilient operational environment. This position requires a strong focus on governance, risk management, and collaboration with internal and external stakeholders to achieve the highest standards of operational continuity and regulatory compliance. Additionally, as part of the 1B Compliance responsibilities, the Manager will review and assess the performance of our ITIL controls.
Summary
Resiliency Assessment and Enhancement:
- Conduct comprehensive assessments of the bank's Tier 1 systems, such as the Core Banking application, to determine their actual resiliency against potential disruptions and disasters.
- Review and analyze current resilience levels, identifying any gaps or vulnerabilities in the setup that could impact operational continuity.
- Maintain a tracker for all identified resiliency gaps, ensuring each gap is documented, assigned to the appropriate owners, and monitored for resolution.
- Provide actionable recommendations for improvements to enhance system robustness and compliance with operational continuity standards.
- Prepare detailed reports on assessment findings, including identified gaps, assigned owners, and the status of remediation actions, and regularly present updates to key stakeholders.
- Work closely with infrastructure teams, application owners, and operational risk teams to implement resiliency enhancements and foster a culture of continuous improvement.
Compliance 1B Function for I&O:
- Oversee the management of a 1B first line of defense practice to ensure the proper identification and assessment of risks and compliance gaps within I&O.
- Manage and track identified gaps in JIRA, regularly reporting on progress to relevant stakeholders.
- Conduct assessments and gap analyses on 1st line control self-assessments to ensure they align with internal standards.
- Review and assess standards to ensure alignment with OSFI guidelines, particularly B-10, B-13, and E-21.
- Ensure that associated issues are identified, and that appropriate mitigation and remediation plans are in place.
- Regularly review and assess the design and effectiveness of established controls.
Disaster Recovery Governance:
- Oversee the governance of all DR-related activities within I&O to ensure alignment with the IT Service Continuity Management (ITSCM) Standard.
- Regularly meet with Operational Risk to ensure that disaster recovery strategies align with Business Continuity Planning (BCP).
- Monitor and maintain a tracker for all DR activities, ensuring DR events are appropriately scheduled and executed according to established standards.
- Facilitate the transition from traditional DR events to Resilience Scenario Testing Events, and ultimately to Continuous Resilience Testing.
- Support vendor risk assessment reviews by ensuring any operational changes are reviewed and reassessed for compliance and alignment with DR governance requirements.
Knowledge/Skill Requirements:
- Deep understanding of OSFI guidelines (B-10, B-13, E-21) and IT Service Continuity Management standards to ensure compliance and effective governance.
- Proven experience in assessing and enhancing the resiliency of critical systems, developing improvement plans, and transitioning to advanced resilience testing methodologies.
- Strong background in managing a 1B first line of defense practice, conducting risk assessments, gap analysis, and overseeing compliance processes.
- Advanced analytical skills to evaluate resiliency configurations, identify vulnerabilities, and develop actionable recommendations for improvement.
- Strong organizational skills with the ability to manage multiple projects, maintain detailed trackers, and ensure adherence to governance frameworks and timelines.
- Excellent communication skills to engage with diverse stakeholders, including infrastructure teams, application owners, and operational risk teams, to drive alignment and continuous improvement.
Education and Experience:
- Bachelor’s degree in Information Technology, Risk Management, Business Administration, or a related field.
- At least 7 years of experience in IT Disaster Recovery, Compliance, or a governance-focused role within a regulated industry.
- Strong technical background that supports extensive experience in conducting resiliency assessments and disaster recovery planning, with a focus on continuous improvement and alignment with regulatory guidelines.
- Demonstrated success in managing compliance frameworks, performing gap analyses, and implementing governance structures.
- Proficiency with governance and workflow tools such as ServiceNow, JIRA, Confluence, and other relevant platforms.
- Proven ability to lead cross-functional teams and drive stakeholder alignment on risk and compliance strategies.
Technical Proficiencies:
- Skilled in managing complex risk and compliance processes, ensuring alignment with both internal standards and regulatory requirements.
- Expertise in evaluating and enhancing the resiliency of critical systems, ensuring robust configurations and operational continuity.
- Working knowledge of Cloud Infrastructure (preferably Azure), Networks, and Replication technologies.
- Proficient in using tools like ServiceNow, JIRA, and Confluence for compliance tracking, gap management, and collaboration across teams.
- Ability to lead initiatives, build consensus, and effectively influence stakeholders to drive compliance and resilience goals.
- Highly meticulous in managing documentation, tracking progress, and ensuring that all activities align with established standards and practices.