Lead and improve second line challenge across technology, data, and operational risk.
Challenge first line risk assessments, controls, remediation, and risk acceptances.
Provide clear, evidence-based second line risk opinions and escalate material issues.
Oversee review and challenge of RCSAs, vendor risks, major initiatives, and incidents.
Ensure quality challenge of risk acceptances, corrective action plans, and resilience controls (BCM/DR).
Direct a team of managers and analysts to deliver timely, high-quality oversight work.
Review and approve all second line deliverables to ensure accuracy, consistency, and standards alignment.
Lead thematic risk analysis and deliver dashboards, reports, and executive-level insights.
Champion automation, Generative AI, and continuous monitoring tools within oversight processes.
Engage senior stakeholders, communicate challenge outcomes clearly, and represent second line in governance forums.
Ensure timely delivery of oversight commitments and support improved enterprise risk posture.

10–12+ years of experience in Information Risk, Technology Risk, Cybersecurity, Operational Risk, or GRC.
Strong experience leading second-line or audit-style oversight programs across global enterprises.
Proven ability to deliver complex, multi-domain oversight programs with accountability for quality and timeliness.
Ability to lead blended teams (onshore and offshore) through influence, guidance, and technical direction.
Deep knowledge of cloud, infrastructure, data platforms, resilience, and enterprise IT environments.
Familiarity with regulatory frameworks (ISO, NIST, COBIT, CSA/CCM, OSFI, etc.).
Experience with Generative AI, automation workflows, or continuous control monitoring tools is preferred.
Excellent communication, risk judgment, and stakeholder engagement skills.

Information Risk Management Director

Key skills