23 Internal Controls jobs in Toronto

**Description**
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.
Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
How we serve our customers is constantly evolving and is a challenge we gladly accept. Whether you are finding new ways to enable a customer to start a new business or looking for opportunities to minimize credit losses, you can work with one of the most valuable datasets in the world to identify insights and actions that can have a meaningful impact on our customers and our business. And, with opportunities to learn from leaders who have defined the course of our industry, you can grow your career and define your path. Find your place in credit risk management on #TeamAmex.
**How will you make an impact on this role?**
Responsible for monitoring Consumer & Small Business portfolio credit trends, conducting high-balance case reviews, assessing effectiveness of pre- vs. post-cancellation collections processes, optimizing our responsible lending and authorizations strategies, and partnering with Credit Operations to strengthen processes and procedures.
+ Routinely access a variety of large-scale databases and reporting platforms to analyze portfolio performance trends and/or individual Card Member cases and translate the information into actionable strategy with the objective of improving the customer experience while delivering on our financial commitments, with specific focus on Point-Of-Sale card Authorizations, responsible lending actions and pre- and post-cancellation collections.
+ Incorporate local market dynamics, macroeconomic and industry trends, and new developments to enhance global processes, models, and strategies.
+ Collaborate closely with Credit & Fraud Risk (CFR) Centers of Excellence to optimize credit decisions, strengthen credit policies, and enhance risk controls and capabilities.
+ Regularly monitor credit risk processes to ensure Operational Excellence, with particular focus on post-implementation validations.
+ Work closely with Controllership, Treasury, 2 nd Line, and 3 rd Line to support and strengthen Amex

The **_Director, Information Risk Management_** is responsible for providing 2nd Line of defense risk oversight and challenge to U.S. Segment in the area of information security risk and technology risk.
**Position Responsibilities:**
+ Delivering the 2nd line information risk oversight program to US Segment while supporting the Segment to own and manage their risks efficiently and effectively. The oversight activities span across third party, changes, operational resilience, risk and control self-assessment, incidents and reportable events, issues and CAPs, disaster recovery, etc.
+ Promoting a strong information risk culture and diversity, equity and including values.
+ Staying abreast of new and emerging regulatory requirements as well as emerging and evolving risks.
+ Managing capacity by monitoring and acting on anticipated change in workload and resource changes.
+ Ensuring the team is properly trained and kept current with information risk and cyber security developments, threats and emerging technology.
+ Interacting and cooperating with other GIRM teams and IRO counterparts to ensure consistent and efficient processes.
+ Maintaining effective relationships with L1 stakeholders and L2 risk partners to drive the best outcome.
+ Owning the risk reporting activities for US Segment.
**Required Qualifications:**
+ Minimum 10 years of experience in governance, risk and control functions preferably in information security and technology risk areas.
+ University degree
+ Expertise in best practices of various aspects of information risk management and prior experience as a leader in IT risks.
+ Strong communication skills including ability to explain technical information to non-technologists including business executives.
+ Strong competencies in collaboration, problem solving and influencing key risk decisions
+ Knowledge of the regulatory environments in the U.S.
+ Knowledge of security software, IT audit and security, programming/coding and/or IT compliance
+ Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CISM, CRISC, CSSLP, MBCP)
**Competencies:**
+ People management
+ Presentation and facilitation skills to all levels and audiences
+ Ability to develop and maintain strong relationships
+ Strong team player (collaborative)
+ Solid knowledge and understanding of the industry, strategic direction and operational challenges
+ Strong time management and organizational skills to manage multiple tasks and changing priorities
**Key Leadership Behaviors:**
+ Analytical and problem-solving skills
+ Sound judgement and balanced risk view
+ Influencing
+ Collaboration
+ Full ownership and accountability
**_When you join our team:_**
+ We'll empower you to learn and grow the career you want.
+ We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
+ As part of our global team, we'll support you in shaping the future you want to see.
**Acerca de Manulife y John Hancock**
Manulife Financial Corporation es un importante proveedor internacional de servicios financieros que ayuda a las personas a tomar decisiones de una manera más fácil y a vivir mejor. Para obtener más información acerca de nosotros, visite .
**Manulife es un empleador que ofrece igualdad de oportunidades**
En Manulife/John Hancock, valoramos nuestra diversidad. Nos esforzamos por atraer, formar y retener una fuerza laboral tan diversa como los clientes a los que prestamos servicios, y para fomentar un entorno laboral inclusivo en el que se aprovechen las fortalezas de las culturas y las personas. Estamos comprometidos con la equidad en las contrataciones, la retención de talento, el ascenso y la remuneración, y administramos todas nuestras prácticas y programas sin discriminación por motivos de raza, ascendencia, lugar de origen, color, origen étnico, ciudadanía, religión o creencias religiosas, credo, sexo (incluyendo el embarazo y las afecciones relacionadas con este), orientación sexual, características genéticas, condición de veterano, identidad de género, expresión de género, edad, estado civil, estatus familiar, discapacidad, o cualquier otro aspecto protegido por la ley vigente.
Nuestra prioridad es eliminar las barreras para garantizar la igualdad de acceso al empleo. Un representante de Recursos Humanos trabajará con los solicitantes que requieran una adaptación razonable durante el proceso de solicitud. Toda la información que se haya compartido durante el proceso de solicitud de adaptación se almacenará y utilizará de manera congruente con las leyes y las políticas de Manulife/John Hancock correspondientes. Para solicitar una adaptación razonable en el proceso de solicitud, envíenos un mensaje a .
**Referenced Salary Location**
Waterloo, Ontario
**Modalidades de Trabajo**
Híbrido
**Salary range is expected to be between**
$110,530.00 CAD - $205,270.00 CAD
Si se está postulando para este puesto fuera de la ubicación principal, póngase en contacto con para conocer el rango salarial de su ubicación. El salario real variará según las condiciones locales del mercado, la geografía y los factores relacionados con el trabajo pertinentes, como conocimiento, habilidades, calificaciones, experiencia y educación/capacitación. Los empleados también tienen la oportunidad de participar en programas de incentivos y obtener una compensación de incentivos vinculada al desempeño comercial e individual.
Manulife ofrece a los empleados aptos una amplia variedad de beneficios personalizables, entre ellos, beneficios de salud, odontológicos, de salud mental, oftalmológicos, por discapacidad a corto y a largo plazo, cobertura de seguro de vida y por muerte accidental y desmembramiento, adopción/subrogación y bienestar, y planes de asistencia al empleado/familiar. También ofrecemos a los empleados admisibles varios planes de ahorro para la jubilación (incluidos planes de pensiones y un plan mundial de propiedad de acciones con contribuciones equivalentes del empleador) y recursos de asesoramiento y educación financiera. Nuestro generoso programa de tiempo libre remunerado en Canadá incluye feriados, vacaciones, días personales y días por enfermedad, y ofrecemos la gama completa de ausencia laboral reglamentaria. Si se está postulando para este puesto en los EE. UU., póngase en contacto con para obtener más información sobre las disposiciones relativas al tiempo libre remunerado específicas de EE. UU.

Third-Party Risk Management Specialist

**The Opportunity**
Are you looking for a caring, collaborative, values-driven workplace with inspiring teammates and leaders? Do you have the ambition and desire to be the best and thrive at the most impactful global insurance provider in the world? Look no further than Zurich Canada.
If you have experience working with Third-Party Risk Management and are looking for a new challenge, we would love to hear from you.
Zurich Canada is currently looking for a Third-Party Risk Management Specialist, and in this position, you will be instrumental in ensuring that we take an effective risk-based approach to contracting and managing third parties. You will advise business and functional leadership on key risks and mitigating actions in our third-party landscape and ensure that our third-party risk management practices and behaviors live up to the standards set by the Zurich Risk Policy and Canadian regulatory requirements.
Reporting to the Head of Operations Management, you will work closely with contract owners in Canada to enhance their understanding regarding their responsibilities while promoting a strong risk management culture, advancing the maturity of third-party risk management in the organization. In this role, you will collaborate closely with teams from business resilience, IT security, privacy, as well as procurement to ensure that functional leaders and contract owners are effectively supported in managing their third-party risks and have oversight of the operational execution of third-party management.
This is a unique opportunity to build your knowledge and experience for the future in a supportive environment where your voice matters.
This is a hybrid role.
**What you will do - **
- Evaluate the framework for Third-Party Risk Management in alignment with Zurich's Risk Policy and applicable Canadian regulatory requirements and recommend/implement improvements to the framework or supporting processes, ensuring a risk-based approach is being taken.
- Ensure the framework can adapt to broadening scope and risk management expectations over time.
- Provide guidance and training to contract owners on best practices for third-party risk management, enhancing their maturity and understanding of compliance responsibilities.
- Assist contract owners in identifying, assessing, and managing risks associated with third-party relationships.
- Ensure that contract owners are effectively managing their third-party vendors and service providers in accordance with regulatory requirements and Zurich's policies, including the governance of intra-group arrangements.
- Conduct regular reviews and assessments to evaluate compliance and risk management practices among contract owners and their third parties.
- Foster a culture of risk awareness and accountability across the organization, promoting the importance of effective third-party risk management.
- Maintain a comprehensive inventory of third parties and their compliance status.
- Prepare and present reports on third-party risk management activities, compliance findings, and recommendations to senior management and stakeholders.
- Stay informed of changes in regulations and industry standards related to third-party risk management and ensure timely updates to policies and procedures.
- Collaborate with functional partners in the Region and within the Group in the domains of Procurement, Data Privacy, Business Resilience, Risk and Compliance.
- Support in other strategic projects or priorities as defined.
**What you bring to the table-**
**Job Qualifications**
**Required:**
- Bachelors Degree and 5 or more years of experience in Business Administration, Risk Management, or a related field.
OR
- High School Diploma or Equivalent and 7 or more years of experience in Business Administration, Risk Management, or a related field.
OR
- Zurich Certified Insurance Apprentice, including an Associate Degree and 5 or more years of experience in Business Administration, Risk Management, or a related field.
AND
- Minimum of 5 years of experience in risk management, compliance, or related roles, with a focus on third-party management.
- Strong understanding of risk management frameworks, regulatory requirements, and industry best practices applicable to Canada.
- Excellent analytical and problem-solving skills, with the ability to assess complex risk scenarios and develop actionable, risk-based solutions.
- Strong communication and interpersonal skills, with the ability to build relationships and collaborate effectively with diverse stakeholders.
- Strong background with evidence of producing measurable results and successful outcomes.
- Proven ability to influence and drive change within an organization.
- Excellent organizational skills are essential for this role, and prior project management experience will be a plus.
- Professional certifications in Third Party Governance, Risk Management, or Procurement are an advantage (e.g., Certified Third Party Risk Professional, Certified Risk Manager, Chartered Risk Analyst, Certified Procurement Professional Information Systems Auditor).
- Experience within or exposure to Procurement processes are an asset.
**Preferred:**
- Insurance industry knowledge with subject matter expertise in at least one functional insurance discipline; such as Underwriting, Claims, Risk, Engineering.
**Our Culture**
At Zurich, we are proud of our culture. We are passionate about Diversity, Inclusion, Equity and Belonging (DIEB). We want you to bring your whole self to work, and we want our employees to be reflective of the communities in which we live and work. Our DIEB initiatives are creating an environment where everyone feels welcome.
We have a collaborative culture where diversity of thought is valued. We value your input and strive to give our employees the tools they need to make an impact.
We care about our employees' well-being and offer a comprehensive health/benefits plan with varying levels of coverage to suit your specific needs and a competitive total compensation package.
We understand how important it is to rest, recharge and do the things you love. At Zurich, all employees receive a minimum of four weeks of vacation per year to do just that.
We also understand that employees require time off for personal reasons. Maybe you have an appointment during a workday, a cultural or religious holiday you would like to observe, or you need time off to focus on your mental health. Zurich employees receive four personal days per year to be used at their discretion.
We are committed to continuous improvement and offer access to a comprehensive range of training and development opportunities.
We care about our communities. Our communities are where our customers, people, and shareholders live and work. While we can be proud of the contribution to society Zurich makes through our core business of insurance, we must also give back to our communities through our talent, time, and resources.
We have won numerous awards for our workplace culture. We are proud to be one of Greater Toronto's Top Employers and to have received Insurance Business Canada's 5-Star Diversity, Equity, and Inclusion Award.
**Make a difference. Be** **challenged** **. Be inspired. Be** **supported** **.** **Love** **what you do. Work for us** . 
**About Us**
Zurich Canada is part of the Zurich Insurance Group, a multi-line insurer with approximately 55,000 employees worldwide serving customers in global and local markets. Zurich Canada has been a leading insurance provider serving mid-sized and large companies, including multinational corporations, in the Canadian commercial market for 100 years. With over 500 employees in offices across the country, Zurich offers the global strength of a top insurance provider combined with in-depth knowledge of industries and local markets. Zurich Canada aspires to be risk management professionals' first choice as their premier partner to help meet the risk challenges of today and tomorrow. Read more at future with Zurich
Now is the time to move forward and make a difference. At Zurich, we want you to share your unique perspectives, experiences and ideas so we can grow and drive sustainable change together. As part of a leading global organization, Zurich North America has over 148 years of experience managing risk and supporting resilience. We are a leading provider of commercial property-casualty insurance solutions and a wide range of risk management products and services for businesses and individuals. Today, we serve more than 25 industries, from agriculture to technology and insure 90% of the Fortune 500®. Our growth strategy is not limited to our business. As an employer, Zurich strives to provide ongoing career development opportunities and foster an environment where voices are diverse, behaviors are inclusive, actions drive equity, and our people feel a sense of belonging. Be a part of the next evolution of the insurance industry. Join us in building a brighter future for our people, our customers and the communities we serve.
As a global company, Zurich recognizes the diversity of our workforce as an asset. We recruit talented people from a variety of backgrounds with unique perspectives that are truly welcome here. Taken together, diversity and inclusion bring us closer to our common goal: exceeding our customers' expectations. Zurich is committed to providing a diverse, inclusive and barrier-free environment resulting in an accessible organization for employees, customers, and other parties who interact with, or on behalf of, Zurich. We strive to achieve a workplace free of discrimination of all forms, including discrimination on the basis of physical or mental disability, or medical condition. If you are interested in a job opportunity, please advise if you require an accommodation, so we can work with you to provide a more accessible process.
Zurich does not accept unsolicited resumes from search firms or employment agencies. Any unsolicited resume will become the property of Zurich Canadian Holdings Limited. If you are a preferred vendor, please use our Recruiting Agency Portal for resume submission.
Only applicable for Canada: For Zurich Canada's commitment to diversity and accessibility pleaseclick here ( .If you would prefer to not receive future electronic messages from Zurich Insurance Company Ltd's recruitment management system, please email **your request to have your job profile deleted from the system** by clickinghere ( ) . Zurich Insurance Company Ltd 100 King St., W., Suite 5500, Toronto, ON, M5X 1C9. Disability / Veterans

We are seeking an experienced and dynamic Senior IT Risk Management Auditor to join our team. This role is critical in ensuring robust risk governance and oversight through the design, implementation, and execution of our Global Information Risk Management framework across the Canadian Segment. The successful candidate will deliver a consistent and coordinated approach to risk reporting, ensuring comprehensive coverage of risks across major business segments.
**Position Responsibilities:**
Lead the development and global execution of the Global Information Risk Management framework, ensuring comprehensive coverage and integration of risk reporting across the Canadian Segment.
Build and maintain strong relationships with senior management to effectively communicate and manage risk, aligning with business objectives.
Responsible for leading all aspects of IT audit activities, including RCSA, SOC 1, SOC 2, and SOX audits, to ensure alignment with industry standards.
Plan, conduct, and manage cybersecurity and technology controls testing, as well as compliance assessments for IT systems and processes, to evaluate design and operating effectiveness.
Develop and maintain detailed test procedures and plans for IT Security Controls, ensuring they align with key objectives, industry standards, and regulatory requirements.
Evaluate the organization's compliance with preferred cybersecurity frameworks, identifying areas for improvement and ensuring alignment to standard processes.
Perform control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
Analyze test results, identify security control deficiencies, and recommend effective solutions to resolve identified issues.
Collaborate with operations and IT teams to ensure all IT security controls are thoroughly tested and implemented.
Track security issues and risks, preparing comprehensive reports that outline findings, recommendations, and actionable insights for senior management and customers.
Collaborate with various teams such as IT, legal, and compliance, as well as external entities to address findings and implement corrective actions.
Develop innovative approaches and solutions, using data analytics, Agile methodology, and automation to enhance the overall effectiveness and value of the controls testing team.
Ensure compliance with applicable security policies and standards, maintaining a strong risk posture.
Keep abreast of the latest information Risk audit practice, testing techniques, and contribute to the continuous improvement of the Canadian Segment's risk posture.
**Required Qualifications:**
Minimum of 8 years of demonstrable experience in IT risk management, auditing, or equivalent fields.
Bachelor's degree or equivalent experience in a relevant field such as Information Systems, Business, or a related field is preferred.
Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
Strong organizational and planning skills with a keen attention to detail.
In-depth understanding of controls, audit processes, and risk management principles.
Outstanding ability to clearly articulate to and collaborate with all management levels.
Demonstrated ability to handle complex issues and provide business-specific context to key Integrated Risk Management (IRM) principles.
Strong analytical skills, with an ability to identify overarching patterns and dependencies.
Experience managing high-visibility and high-risk situations effectively.
Superb communication, presentation, negotiation, and influencing skills.
**Preferred Qualifications:**
Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
Stakeholder Management
**When you join our team:**
We'll empower you to learn and grow the career you want.
We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our distributed team, we'll support you in shaping the future you want to see.
**Acerca de Manulife y John Hancock**
Manulife Financial Corporation es un importante proveedor internacional de servicios financieros que ayuda a las personas a tomar decisiones de una manera más fácil y a vivir mejor. Para obtener más información acerca de nosotros, visite .
**Manulife es un empleador que ofrece igualdad de oportunidades**
En Manulife/John Hancock, valoramos nuestra diversidad. Nos esforzamos por atraer, formar y retener una fuerza laboral tan diversa como los clientes a los que prestamos servicios, y para fomentar un entorno laboral inclusivo en el que se aprovechen las fortalezas de las culturas y las personas. Estamos comprometidos con la equidad en las contrataciones, la retención de talento, el ascenso y la remuneración, y administramos todas nuestras prácticas y programas sin discriminación por motivos de raza, ascendencia, lugar de origen, color, origen étnico, ciudadanía, religión o creencias religiosas, credo, sexo (incluyendo el embarazo y las afecciones relacionadas con este), orientación sexual, características genéticas, condición de veterano, identidad de género, expresión de género, edad, estado civil, estatus familiar, discapacidad, o cualquier otro aspecto protegido por la ley vigente.
Nuestra prioridad es eliminar las barreras para garantizar la igualdad de acceso al empleo. Un representante de Recursos Humanos trabajará con los solicitantes que requieran una adaptación razonable durante el proceso de solicitud. Toda la información que se haya compartido durante el proceso de solicitud de adaptación se almacenará y utilizará de manera congruente con las leyes y las políticas de Manulife/John Hancock correspondientes. Para solicitar una adaptación razonable en el proceso de solicitud, envíenos un mensaje a .
**Referenced Salary Location**
Toronto, Ontario
**Modalidades de Trabajo**
Híbrido
**Salary range is expected to be between**
$94,220.00 CAD - $174,980.00 CAD
Si se está postulando para este puesto fuera de la ubicación principal, póngase en contacto con para conocer el rango salarial de su ubicación. El salario real variará según las condiciones locales del mercado, la geografía y los factores relacionados con el trabajo pertinentes, como conocimiento, habilidades, calificaciones, experiencia y educación/capacitación. Los empleados también tienen la oportunidad de participar en programas de incentivos y obtener una compensación de incentivos vinculada al desempeño comercial e individual.
Manulife ofrece a los empleados aptos una amplia variedad de beneficios personalizables, entre ellos, beneficios de salud, odontológicos, de salud mental, oftalmológicos, por discapacidad a corto y a largo plazo, cobertura de seguro de vida y por muerte accidental y desmembramiento, adopción/subrogación y bienestar, y planes de asistencia al empleado/familiar. También ofrecemos a los empleados admisibles varios planes de ahorro para la jubilación (incluidos planes de pensiones y un plan mundial de propiedad de acciones con contribuciones equivalentes del empleador) y recursos de asesoramiento y educación financiera. Nuestro generoso programa de tiempo libre remunerado en Canadá incluye feriados, vacaciones, días personales y días por enfermedad, y ofrecemos la gama completa de ausencia laboral reglamentaria. Si se está postulando para este puesto en los EE. UU., póngase en contacto con para obtener más información sobre las disposiciones relativas al tiempo libre remunerado específicas de EE. UU.