At Morneau Shepell, we offer more than career opportunities, we provide career opportunities to make meaningful contributions to people’s lives. The extraordinary expertise of almost 5,000-strong workforce is harnessed to support the employees and families of the organizations we serve. Our innovative programs have a lasting impact on the health, financial security and productivity of 24,000 workplaces.
Director, Risk and Compliance
As part of the Legal Department, reporting to and under the supervision of the General Counsel, the newly created role of Director, Risk and Compliance will be responsible for central oversight of the Company’s operational and regulatory enterprise risk management and compliance functions. This includes supporting the enhancement of Morneau Shepell’s privacy program.
The successful candidate will work closely with business stakeholders to design, implement and operationalize enterprise risk management and regulatory compliance programs in support of the Company’s business strategies and objectives. The successful candidate will also support company-wide communication and awareness plans ensuring that employees know and understand how to manage risks that affect their roles.
In this role, the successful candidate will be a key member of a growing and dynamic team who works closely with all members of the Legal Department and Internal Audit and will support and assist the General Counsel in providing updates to the Risk Committee and the Board. This position is located at the Morneau Shepell head office in Toronto.
Duties & Responsibilities
With direction and support from and under the supervision of, the General Counsel and the Legal Department, the Director, Risk and Compliance is responsible for:
Risk & Privacy
•Implementing and managing the enterprise risk management assessment processes;
•Selecting enterprise risk management software and the design of databases to allow for the capture of all required program data;
•Developing and managing operational procedures to support the implementation of the various programs;
•Identifying and developing performance monitoring and risk monitoring metrics for the various programs;
•Collaborating with business groups in the preparation of submissions for the Risk Committee and Board, as required;
•Supporting the design and implementation of a common and consistent vendor risk management program to effectively manage vendor risk in accordance with internal policies and applicable legislation and regulations;
•Overseeing and monitoring the continued development and implementation of Morneau Shepell’s privacy program.
•Undertaking such other risk projects and initiatives, as directed by the General Counsel.
•Developing, implementing and managing a centralized program to oversee the Company’s compliance functions;
•Monitoring the current and evolving regulatory environment impacting the Company’s operations and implementing applicable policies and processes to meet the Company’s requirements;
•Developing analytical insights from the program data and metrics to support Senior Management and Board oversight;
•Supporting the design of, and development of various reports including program status reports, program dashboards and Board-level reports; and
•Drafting governance documentation for the various programs (e.g. policies, operating procedures) and managing the associated training, socialization, approval and communication processes.
•3-5 years working experience in enterprise risk management, operational risk, regulatory compliance, internal audit, and/or a controls related function;
•Prior experience in leading, designing and implementing compliance and/or risk programs and drafting policies and procedures;
•Privacy and data management experience in a similar role; knowledge of global privacy regulations, including European data privacy regulations (e.g., GDPR), would be beneficial;
•Excellent written and oral communication, analytical, and problem solving skills;
•Pragmatic with sound business judgment.; and
•Building strong internal relationships and the ability to effectively present to various levels of management will be necessary to succeed in this role.
•Privacy professional certification is an asset
•Data information security knowledge is an asset
•Experience in Service Organization Control (SOC) 1 and 2 audits is an asset
•Experience in data analytics is an asset
Job Grade: MS7
Fulfilling work that matters
Morneau Shepell is in the business of helping organizations help their people and in the process, we strive to elevate ours.
We're always looking for talented professionals and strategic leaders looking to make a difference in the lives of the people we serve.
We appreciate the interest of every applicant; however, we contact only those selected for an interview.