UBC has appointed a Chief Assurance & Risk Officer with the mandate to create a strategic unit that is sought after for advice and counsel by organizational leaders across both campuses. The Chief Assurance and Risk Officer oversees the previously separate functions of Internal Audit and Enterprise Risk Management - now called the Office of Enterprise Risk and Assurance (ERA).
ERA's purpose is to partner with the community to provide trusted and impactful risk and assurance insights to enhance and protect UBC as a thriving institution. The scope and nature of the internal audit function have expanded from a traditional department primarily focusing on financial risks, to a risk-based progressive function covering a large spectrum of risks and key strategic initiatives. The internal audit function has been renamed to “Internal Assurance” to reflect its broadened and elevated mandate; however, the discipline of internal audit remains embedded into all of our assurance activities. ERA aims to deliver an enterprise risk management framework that the University will integrate with its strategy-setting and operational activities to assist institutional leaders and their teams in managing risk through creating and preserving value. Moreover, the department is expected to provide independent, objective assurance and consulting activities designed to add value and improve the University's operations. This position plays a key role in enhancing the University's accountability mechanisms in support of the University's strategic objectives, by evaluating systems and related risks and controls, particularly as it relates to technology and automation.
Reports to the Director, Internal Assurance, with a dotted reporting line to the Director, Enterprise Risk Management.
Provides leadership, advice and guidance on strategic / operational technology risks, controls and governance.
Provides strategic oversight and tactical direction in the management of a portfolio of all technology related risk reviews and advisory / assurance engagements.
Supports Director, IA with the vision in the area of technology risks and provides strategic and operational risk advisory and assurance services for the institution's top risks; ensures that risks are clearly identified, articulated and assessed, key controls are designed and operating effectively, and mitigations are timely and appropriate.
Works closely with the Director, IA in developing, leading, and delivering strategic short-term and long-term goals relating to the department's use of technology and its technology-related risk and assurance services for the department as part of the approved ERA strategic plan.
Represents ERA at key strategic committees.
Key contributor to ERA's annual planning process. Provides strategic direction into priorities in the annual integrated risk and assurance plan that is flexible and responsive to the strategy, evolving needs and institutional risks of the University, particularly as it relates to technology risk and assurance areas.
Partners with the Associate Director, Fraud Risk Management and Data Analytics to provide technology leadership for building the department's data analytics practice, and embedding data analytics into the wider UBC community.
Engages as a strategic partner with academic and administrative leadership (including members of the Executive Team) and builds strong relationships
Works as a change agent with faculties and departments to enhance risk management capabilities at all levels across the University.
Collaborates with the ERA leadership team to develop, implement and manage talent capability assessment to ensure the team of professional risk and assurance staff have sufficient knowledge, skills, experience and professional certifications from a technology risk and assurance perspective.
Oversees the operations of a team composed of 1-2 IT risk and assurance professionals to ensure the efficient operation of the function
Provides credible, constructive challenge to senior stakeholders in relation to technology risks and assurance. Maintains knowledge of key and emerging technology risks both externally and internally.
Manages the relationship with the co-sourced internal audit technology risk partner to deliver specialist technology risk and assurance expertise.
Leads the digital strategy for the ERA strategic plan and other technology related components. Leads data / automation tools from a technology perspective.
Directs the preparation of reports, models, summaries of results analysis and other strategic and operational performance measures.
Oversees the execution of other related tasks and special projects as required
Consequence of Error/Judgement
The Office of Enterprise Risk and Assurance is a fast-paced environment, where competing priorities and tasks are frequent and dynamic. Work is often completed within tight deadlines, requiring the Senior Manager to perform with a high degree of accuracy and precision under pressure. Judgment must be exercised. Lack of good judgment, errors or incorrect assurance work could result in the failure to detect or prevent University risks. Consequences could include:
Inadequate or inappropriate risk management
Mismanagement or misappropriation of university resources
Non-compliance with university policies or statutory obligations
Inaccuracies in university financial reports
Inaccurate information to senior management or the Board resulting in errors in management decisions. May have legal and labor relations implications.
This position has the opportunity to have a strong influence on the administrative procedures and processes at the University.
This position reports to the Director, Internal Assurance, and has a dotted reporting line to the Director, Enterprise Risk Management.
Works under general direction and review, and within broad mandates.
Oversees the work of a team composed of 1-2 IT risk and assurance professionals.
CGEIT, CRISC, CIA, CRMA, PMP, CISA (in order of preference)
COSO, ISO 31000, COBIT, ITIL,
Has sufficient knowledge, skills, experience, and professional certifications to meet the needs of a strategic technology risk and assurance leader for the University.
Must have demonstrated experience in the following areas:
Business Process transformation (large complex projects) – including experience with understanding and translating complex business requirements in a fast-paced environment.
Data Analytics and GRC (technology perspective)
IT risk management
Emerging technologies – IoT, AI, RPA – to use them as part of ERA work and provide risk and assurance services to the University community who use these tools / technologies.
Extremely strong project management experience
These areas are beneficial but not required:
Privacy / cyber
Extensive experience in providing risk advisory and assurance reviews in the IT Governance arena.
Proven ability to develop and implement technology risk management frameworks that fully integrate with
Robust interpersonal and communication skills to engage and communicate in technology-related risk conversations at the highest levels.
An understanding of the University’s risk appetite to ensure a risk focus is adopted versus a traditional control focus.
Demonstrated ability in identifying areas of IT risk, applying risk-based scoping, estimating level of effort,
Responsive, agile approach to manage changing priorities