Vice-President, Enterprise and operational risk management, iA Financial Group, Group Risk Management and Compliance (GRMC)

Reporting directly to the CRO, and part of GRMC’s senior team, the VP, Enterprise & Operational Risk Management is responsible for developing and leading iA’s Enterprise Risk Management (ERM) and Operational Risk programs. ERM and Operational Risk Management is the 2nd line of defense group responsible for providing oversight of iA’s operational risk exposures through the Operational Risk management and control frameworks for risks related to people, technology, processes and external events.

This position is accountable for establishing a risk aware culture by ensuring iA has an integrated ERM program which enables effective challenge through a set of risk management tools and processes to assess and mitigate risk in alignment with corporate strategy and within the organization’s risk appetite. This position is also responsible to ensure senior management and the members of the Board have a clear understanding of the enterprise risk level, and that processes are in place aimed at the identification and proactive management of operational risks throughout iA.

KEY OUTCOMES & RESPONSIBILITIES

Develop and implement the ERM program, ensuring iA has a process for identifying, assessing, monitoring, aggregating, and reporting key operational risks, by:

• Leading and advancing iA’s ERM program, driving towards best practices standard for ERM frameworks, risk assessments, risk monitoring and reporting to key stakeholders including the Executive Committee, senior management, internal audit, Executive Risk Management Committee (ERMC) and the Board
• As a key contributing member of the Executive Risk Management Committee (ERMC), ensuring the committee has a clear understanding of iA’s enterprise and operational risk profile
• Providing independent oversight and effective challenge through the design and implementation of various risk identification and assessment tools to support the development of an optimal risk culture aligned with risk appetite
• Ensuring iA has an escalation process for risk issues including frequent reporting of outstanding exception items and timeframe for remediation
• Ensuring iA has adopted an appropriate three lines of defense approach
• Facilitating the use of appropriate methodologies, tools and techniques to manage entity-level risk within iA’s risk appetite and tolerance levels
• Provide oversight of the corporate insurance program to finance and/or transfer the risk of catastrophic loss from criminal, business interruption, property, liability and processing exposures
• Ensure iA has an effective fraud management program in place, with processes in place to prevent, detect, identify, monitor and action internal and external incidents

Provide leadership to the business relevance of the operational risk program, by:

• Implementing operational risk policies, guidelines, procedures and standards, and a measurement methodology which is aligned with regulatory expectations
• Providing operational risk subject matter leadership to business units, including advising on risk mitigation strategies, to enhance the management of operational risk enterprise-wide
• Providing appropriate training and communication to ensure adequate education and awareness of operational risk policies, procedures, and standards across iA Group of companies
• Ensuring iA has appropriate ERM and Operational Risk tools and processes, including business Risk and Control Self-Assessment (RCSA), process for New Initiatives Risk Assessment (NIRA), process for approval of new initiatives, oversight over the outsourcing, fraud and 52 109 requirement activity loss data and incidents identification and reporting, business continuity management and the development and reporting of key risk indicators
• Ensuring that the New Initiative Assessment Process (NIAP) is consistently applied to material new projects/initiatives across the organization, with an effective challenge to ensure business unit proposals are evaluated properly and have acceptable residual risks, aligned with the organization’s risk appetite
• Ensuring the operational risk program is integrated within iA’s integrated risk management program and appropriately documented, including a defined process for data collection, escalation of issues, monitoring against risk appetite and providing oversight over operational risk mitigation plans
• Ensuring iA has a third-party management program for vendors and service providers, that tools are designed, and governance processes are in place to assess and evaluate third parties, perform due diligence and monitoring escalation and reporting processes are in place
• Managing the business continuity management program in all areas of the organization and advancing the program maturity
• Ensuring iA has in place an operational risk scenario and stress-testing program that assesses capital ratios in extreme but plausible economic downturns or various scenarios that assist Management in understanding risks and control gaps

Aligning with the Board’s long-term strategic direction, champion the organizations’ risk culture through leading by example and working with senior leaders and executive management, by:

• Striving to continuously evolve and mature iA’s risk culture through oversight of enterprise and operational risk policy frameworks
• Fostering collaborative work relationships for the purpose of aiding in achieving an innovative, professional, highly engaged workforce
• Acting on opportunities to grow and expand the organization aimed at generating an appropriate risk adjusted return for iA
• Continuously evolving the enterprise operational risk appetite metrics, ensuring alignment of risk appetite and strategy for iA
• Motivating and encouraging staff professional development, goal setting and career progression, and identify relevant opportunities
• Contributing to the development and implementation of strategic direction of iA

TECHNICAL KNOWLEDGE, SKILLS AND ABILITY REQUIRED

• Demonstrated ability to develop trusted working relationships at all levels of the organization, including liaison within all components of the three lines of defense
• Proven ability to effectively direct working team and committee members with whom there is no direct reporting relationship
• Proven leadership, change management and strategic-thinking skills
• Proven project management and organizational skills with experience in implementing large enterprise-wide projects
• Subject matter expert in understanding of enterprise risk concepts, operational risk concepts and good practices in governance reporting
• Ability to identifying top risks and risk themes through an advanced knowledge of financial services industry, insurance, and regulatory environment
• Subject matter expert in understanding of insurance, and financial institution balance sheet risk management, risk optimization concepts, risk appetite and policy structuring, and general economic conditions
• Advanced knowledge of iA products, services, corporate and business unit strategies, and marketplace positioning
• Demonstrated experience in developing tailored, practical and flexible solutions, communicate and understand issues from both a technical and business perspective and exhibit strong interpersonal skills, including ability to influence senior decision makers
• Excellent knowledge of the COSO 2013 framework and NI 52-109 and/or SOX (Sarbanes Oxley) as part of a second line of defense monitoring program to provide independent oversight

BEHAVIOURAL COMPETENCIES

Shared Behavioral Competencies:

• Change Leadership
• Building Relationships and Partnerships
• Developing Others

Job Specific Competencies

• Achieving Results through People
• Alignment and Focus
• Conceptual Thinking
• Holding People Accountable
• Initiative
• Impact and Influence
• Organizational Awareness
• Problem Solving and Judgment
• Results Orientation
• Team Leadership

MINIMUM QUALIFICATIONS

• A minimum of 20 years work experience of which 10+ years of progressive senior management experience within a regulated financial services organization(s), including extensive leadership in a control function, such as finance, risk, and/or compliance, as well as, interaction with boards and board committees
• Graduate degree, MBA, MSc or equivalent is a requirement
• CA, CPA, CFA or equivalent a definite asset