Enterprise Risk Management Lead

Business Unit

Regular, Full time

Closing Date: March 16, 2026

The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario’s capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, and enforcement activities. The OSC also contributes to national and global securities regulation development.

We offer a diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.

Reporting to the Chief Audit and Risk Executive (CARE), the Enterprise Risk Management (ERM) Lead will advocate and promote ERM by leading in the ongoing implementation, oversight, maintenance, further development and maturity of a comprehensive, enterprise level risk management framework and risk culture at the Commission. This role would have ownership of ERM and executing a suitable risk framework.

This role will provide in-depth analysis of risk management; further mature and maintain processes, tools, templates and frameworks; embed risk management in existing documentation and templates; integrate risk management practices in day-to-day operations; identify risks; assess and measure risks; report on risks to Executive, Board and others; lead, support, advise and guide risk owners, risk champions and other staff. This work will support improved enterprise risk management, performance reporting, corporate and management reporting, and business planning at the OSC.

Key Duties and Responsibilities

The ERM Lead is responsible for strengthening the organization’s risk management capabilities by facilitating enterprise-wide risk discussions, supporting emerging risk identifications and enhancing risk assessments. This role provides guidance to and is supported by the Enterprise Risk Specialist, as they partner closely with core business functions to ensure both top-down and bottom-up strategic, operational, and reputational risks are proactively identified, assessed, and managed within a cohesive enterprise risk framework. The ERM Lead will also work closely with the business horizon scanning and systemic risk teams and respective committees for the integration of risk reporting.

Risk Culture

• Advocate and promote ERM program and processes to further develop the risk culture at the OSC
• Act as a trusted advisor to management on enterprise and emerging risks

• Lead, facilitate, promote, educate and build risk management practices and culture across OSC operations through structured engagement
• Promote accountability across business units for ensuring effective risk assessments and development of mitigation strategies
• Collaborate with Internal Audit, Legal and Compliance, IT, Information Security and other functions and respective committees
• Maintain and facilitate a culture of continuous improvement and learning 

ERM Framework, Policies and Procedures

• Ensure maintenance of the ERM Framework and associated processes and tools to ensure that it remains current and appropriate for the OSC
• Develop, implement and maintain ERM policies, procedures and templates
• Design and lead implementation of OSC’s risk management integrations with business planning and operational reporting processes and procedures
• Enhance and formalize the implementation of the risk incident management reporting with the ERM framework, analyze incident trends to identify systemic, emerging and reputational risks, and facilitate discussions on significant risk incidents and root causes.
• Work with the Enterprise Risk Specialist to integrate bottom-up divisional risk processes to provide thematic observations and timely escalation of systemic risks

Risk Identification, Analysis and Evaluation

• Facilitate workshops and risk assessments with management to support effective risk identifications, analysis, and treatment within established risk appetites
• Strengthen linkages between ERM and specialized risk domains, including regulatory and enforcement risks, AI risk, Third-party Risk Management (TPRM), Cybersecurity Risk, Data Governance, etc.
• Review and scan the changing environment to consider emerging risks and report on potential impacts including integrations of risks from business’s horizon scanning exercise with ERM reporting
• Implement processes for the effective analysis of risk data i.e. key risk indicators with stakeholders to support evaluations and monitoring

Risk Treatment

• Integrate risk management into business planning and day-to-day operations
• Facilitate discussions and workshops to ensure risk action plans, controls and mitigating strategies are drafted and implemented to achieve desired target risk levels
• Lead in the development and maintenance of risk indicators with the business programs and senior leaders
• Lead in the development and maintenance of risk appetite statements and tolerance levels with the executive leadership and board committees

• Design, plan and execute risk assessment exercises to ensure all risks are identified, defined, assessed and documented in a standardized manner, and vetted with risk and control owners

Monitoring and Reporting

• Lead the annual risk re-fresh exercise to ensure the enterprise risk inventory is current, relevant, complete, accurate and aligned with the OSC mandate and strategic plan
• Support the Enterprise Risk Specialist with the development and maintenance of the Divisional Risk Inventories to ensure appropriate risks are captured, described, monitored, ranked, and mitigating controls and action plans are in place
• Develop and establish risk dashboard for monitoring risks and thresholds for breaches for timely action, mitigations and escalations
• Prepare and deliver risk management reports, quarterly risk reports, briefing notes, and papers to the Commission/Board, Board Risk Committee, Senior Management and relevant OSC Committees
• Lead the operations of the Risk Steering Committee, including development of agendas, reports, escalations of thematic divisional risks, identification of emerging issues and trends, and minutes

Training and Awareness

• Advise Divisional Risk Leads and Champions, Senior and Executive Leadership, regarding risk identification, assessment, measurement, monitoring and on-going controls

• Lead forums with the risk champions/owners to discuss divisional issues and trends, lead risk committee meeting discussions on specific risk topics
• Deliver training and support to facilitate risk identification, risk ownership, risk monitoring, risk mitigation and risk reporting for Divisions

• Enhance OSC staff’s knowledge of risk management disciplines and their application, and challenge staff to critically think about risk

• Remain current on ERM best practices by engaging with peers in the Industry by joining regional, national and international risk groups
• Create an alignment with internal audit and operational resilience with the enterprise risk framework

Qualifications

• Bachelor’s degree in business and/or a relevant discipline, or equivalent experience and education
• 10+ years of relevant, senior level experience in enterprise risk management function
• Experience with capital markets / securities / financial services with in-depth knowledge of the capital markets and regulatory operations
• Successful completion of the Canadian Risk Management (CRM) Designation or other equivalent designation
• Compliance and general business knowledge that supports ability to consider strategic and complex pan-Commission issues
• Effective verbal and written communication skills, including adept listening skills with the proven ability to establish and maintain sound working relationships with multiple stakeholders
• Strong facilitation and collaboration skills to gather perspectives and insights, consolidate and present results to support decision-making across impacted stakeholders
• Ability to think at the pan-Commission level applying analytical thinking to complex OSC wide issues, and emerging trends
• Sound judgment and creative, innovative thinking skills to develop and influence recommendations and solutions
• Ability to develop and deliver effective presentations, briefing notes, reports and papers
• Demonstrated experience in regulatory compliance, legislative frameworks and public sector policy experience is an asset
• Successful completion of the Canadian Securities Course is an asset

This opportunity is considered to be a business critical role supporting the CARE division.

Grow your career and make a difference working at the OSC.

* OSC Employees: please apply in Workday using the Browse Jobs feature within your Jobs Hub *

We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.

The OSC is committed to diversity and providing an inclusive workplace and providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the 2SLGBTQI+ community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.

The OSC is a proud partner with the following organizations: Ascend Canada, BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada

If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca.  
 

Visit Accessibility at the OSC to review the OSC’s policies on accessibility and accommodation in the workplace.