What are the responsibilities and job description for the Sr. Director Infrastructure & Risk position at PRI Technology?
The Senior Director, Infrastructure & Risk Center of Excellence (COE) will play a critical leadership role in setting up a newly formed 1A risk team within the Bank's Technology Infrastructure (TI) organization. This role is accountable for building and leading a high-performing team that collaborates with IT departments (e.g. cloud, mainframe, database, middleware, operations, DR), enterprise risk and security teams, and the 2nd line of defense. The leader is accountable for building a team that will transform the existing 1st line risk practices and bring forward the TI organization's risk profile. The position ensures compliance with regulatory, internal risk, and audit expectations while fostering a culture of proactive risk management across the IT organization and supporting the achievement of TI's strategy.
Responsibilities:
- Serve as a single point of accountability for oversight of engagements with all risk stakeholders (auditors, regulators, enterprise risk teams, clients).
- Establish, develop, and maintain strong relationships with Sponsors, Stakeholders, business and T&O partners.
- Prepare program roadmap, project, and/or implementation plans to align with executive approval.
- Build out & lead a dynamic, high-performing team capable of supporting diverse IT groups with thorough in-house expertise in technology & IT risk.
- Develop & maintain processes that ensure TI's activities align with enterprise & regulatory standards, enabling traceability between IT processes & risk standards.
- Guide TI Towers in interpreting & implementing risk management standards in an integrated, user-friendly, & actionable manner.
- Design & implement processes within TI Towers to systematically track all risk-related work, ensuring these processes can support progress & risk reporting.
- Ensure the COE team is well-equipped to support IT personnel in executing controls testing, enterprise or TI risk assessment (e.g. RCSA, QRA), audit responses (e.g. internal, SOX), and regulatory submissions (e.g., OSFI, FRB, OCC).
- Support and promote the internal interaction model between the Towers & other TI Risk & regulatory functions (e.g. Controls Testing & Risk Analysis, Risk Reporting & Oversight, and Strategy Planning & Delivery teams).
- Establish & support processes for 1st line risk activities (e.g. Archer issue mgmt., developing controls, KRI/audit issue remediation, risk assessments, supplier mgmt., etc.) to ensure transparent, timely & effective delivery by accountable TI Towers.
Must Have:
- 12 years in an IT Risk management capacity across any of the 3 lines of defense.
- Deep expertise in risk management frameworks and standards across the US and Canada (e.g., regulatory compliance, enterprise risk, internal controls, SOX, ITGC); expertise with UK and APAC regulators is considered beneficial.
- Understanding of cloud, mainframe, middleware, database, operations and AI.
- Proven track record of setting up and leading high-performing teams in a complex IT & risk environment.
- Demonstrated ability to design and implement processes to track risk-related work and integrate these processes into enterprise risk reporting frameworks.
- Exceptional relationship-building skills, with the ability to collaborate across diverse functions and levels of the organization.
- Strong analytical and problem-solving skills, with the ability to create scalable, repeatable processes that simplify risk management in IT operations.
- Demonstrated ability to transform and modernize processes, aligning legacy and modern IT practices into cohesive risk strategies.
- Passionate about improving the risk management experience while delivering on commitments and expectations from risk stakeholders.
- Related certifications: CISA, CPA, CA, CRISC, CISM, CISSP, etc.