Director, Technology Risk and Compliance, Digital & Client Technology Solutions

The Director, Technology Risk and Compliance will strategically develop, lead and oversee risk management and compliance programs for the Digital and Client Technology Solutions (DCTS) area, including: technology audits, business continuity, client assurance/privacy and application security compliance programs. This role will provide governance support and maintain a comprehensive risk management framework across Canada Technology's diverse portfolio. 

What You Will Do? 

Strategic Canadian Business Partnership  

• Anticipate and respond to emerging technology risks and Canadian regulatory changes affecting the organization  

• Collaborate with Canadian senior management on strategic decisions impacting technology risk management  

• Lead engagement with Canadian external stakeholders, regulators and industry bodies on complex compliance matters  

• Support and coordinate the response to client inquiries on technology security and privacy frameworks

Governance Framework & Reporting 

• Oversee comprehensive application security compliance programs spanning DCTS's multiple disciplines and business units to ensure the framework and standards are adhered to 

• Design, implement, and operate effective controls within the system to provide reasonable assurance that Sun Life Canada’s service commitments and system requirements are achieved 

• Ensure delivery of audit processes to the adequate satisfaction of internal and external stakeholders from a governance and reporting perspective

​ 

Canada Technology Program Management  

• Direct comprehensive reviews of identity, entitlement and privileged access management processes across all critical Canadian applications  

• Establish and manage strategic partnerships with Canadian business functions to enhance their access review capabilities and maturity  

• Lead the development of Canada-specific risk management policies, standards and best practices ensuring alignment with regulatory requirements and industry frameworks 

Risk Management  

• Act as the Business Continuity (BC) Coordinator and work with DCTS leaders, Enterprise Services and Corporate BCP and compliance offices ensuring all BC objectives are completed for the DCTS organization in a timely manner, including Disaster Recovery exercises. 

• Act as the Record Management Subject Matter Expert and focal point for the annual Records Management Inventory review, working with the DCTS leaders 

• Identify process-level risks, mitigation plans and communicate 

• Manage relationships with senior Canadian leadership, executive levels and external auditors regarding technology risk posture 

Team Leadership & Development  

• Lead a team of 6-10 resources handling the day-to-day activities related to technology risk and compliance for DCTS 

• Ensure continual employee knowledge and skill growth through performance management process 

• Promotes constructive culture and employee engagement and drives for innovative thinking and solutions 

What You Will Need to Succeed 

• 10 or more years of progressive experience in Information Security, Risk Management or related functions with significant management experience  

• Proven track record of leading complex, multi-disciplinary risk and compliance initiatives within large Canadian technology organizations  

• Client focused mindset - exceed the expectations of our internal and external customers. 

• Deep expertise in operational risk management frameworks and processes  

• Comprehensive knowledge of Canadian regulatory compliance requirements and industry standards (ISO 27001, NIST, SOC 2, etc.)  

• Exceptional communication and influencing skills with ability to present to Canadian executive leadership and external stakeholders  

• Strong business acumen with understanding of Canadian financial services industry and regulatory environment  

• Proven ability to build consensus and manage complex stakeholder relationships across Canada Technology  

Assets 

• Advanced certifications: CISSP, CISA, CRISC or equivalent enterprise security certifications 

• Experience in Canadian financial services or highly regulated Canadian industries 

• Advanced degree in Information Security, Risk Management, Business Administration or related field 

• Experience with enterprise GRC (Governance, Risk and Compliance) platforms and advanced analytics tools 

For Quebec Residents: Bilingualism (French, English, both oral and written) is required as the position includes managing French and English-speaking staff (Quebec and outside Quebec) and providing daily support to the team.

What’s in it for you?

• Great Place to Work® Certified for Most Trusted Executive Team in Canada – 2025, 2024 and 2023
• Great Place to Work® Certified for Best Workplaces in Canada - 2025
• Canada Order of Excellence for Mental Health at Work® certification from Excellence Canada. Sun Life is one of only four companies in Canada to ever receive this certification – 2024
• Top Work Places® for Remote Work – Monster Canada - 2024
• Great Place to Work® Certified for Best Workplaces in Canada – 2024 and 2022
• Great Place to Work® Certified for Best Workplaces for Women in Canada - 2024
• Flexible hybrid work model. #LI-Hybrid
• Pension, stock and savings programs to help build and enhance your future financial security
• Work and professional development that is united by our Purpose: to help Clients and Employees achieve lifetime financial security and live healthier lives
• A friendly, collaborative and inclusive culture
• Be part of our continuous improvement journey in developing the next greatest digital enterprise experience.
• Competitive salary and bonus structure influenced by market range data
• The opportunity to move along a variety of career paths with amazing networking potential