Intermediate IT Asset Risk Analyst with ServiceNow Software Asset Management experience- 16310

Intermediate IT Asset Risk Analyst with ServiceNow Software Asset Management experience- 16310

Desired Location -Toronto/Hybrid (3 days a week on site)

Estimated Start Date: 02/16/2026- 06/30/2026

Hours: 37.5 Hours Per Week

Position Summary:

Collaborating with the Director, IT Asset Management, you will be responsible for designing, establishing, and operationalizing a comprehensive Software Risk Governance Framework aligned to organizational requirements, including Standards 031 (an internal governance or risk standard), and ensure alignment with applicable framework: Office of the Superintendent of Financial Institutions (OSFI) expectations.

Key Responsibilities:

1. Framework Creation & Governance Design

• Develop an enterprise Software Risk & Governance Framework integrating:
• Standards 031 requirements (as defined internally by the organization).
• SW asset definitions, taxonomy, and attributes
• Define governance structures, including executive accountability, risk ownership, reporting lines, and escalation paths.

2. Compliance Monitoring & Assurance

• Establish monitoring mechanisms to ensure ongoing compliance
• Track compliance with Standards 031 through periodic reviews, self assessments, and evidence collection.
• Coordinate internal and external audits related to cybersecurity, technology governance, and software risk management.
• Partner with cybersecurity teams to integrate vulnerability management, incident reporting, and resilience testing aligned with federal guidance.

3. Reporting & Continuous Improvement

• Produce governance and risk dashboards tracking control maturity, software risks, and compliance with OSFI B 13
• Report on key risk indicators, remediation activities, and governance outcomes to senior leadership.
• Continuously refine the Software Governance Framework to reflect updates to OSFI guidance, including intersections with other guidelines such as B 10 and E 21. [torys.com]

Required Qualifications

• 3-7 years experience in technology risk, software governance, cybersecurity, or IT compliance.
• Strong understanding of OSFI regulatory guidance, supporting frameworks.
• Experience developing governance frameworks, policies, controls, and maturity models.
• Service Now Module, experience with CMDB
• Governance/Audit -- Standards 031

Preferred Qualifications

• Experience with GRC tools (e.g., ServiceNow, Archer, OneTrust).
• Knowledge of third party risk frameworks and regulatory requirements.

Interview Process

How many rounds of interviews? 1 Panel round or 2 Rounds

Types of Interviews Technical, Managerial

Interview Duration 45 Min, 30 Min respectively