IT Governance and Compliance Analyst

 

Description:

Join Sun Life’s Chief Technology Office (CTO) Governance and Compliance team and help strengthen how we manage technology risk and compliance at scale. In this role, you will maintain our global controls framework in ServiceNow IRM (GRC), support audit and assessment readiness, and partner with infrastructure and cloud teams across networks, servers, storage, call centre, workstations, and database platforms.

Our team’s role is to:
 

  • Provide GRC subject-matter expertise, guidance, and advisory support to CTO stakeholders
  • Translate enterprise, regulatory, and security obligations into clear, actionable requirements
  • Maintain the CTO governance and compliance control framework in ServiceNow IRM (GRC)
  • Facilitate CTO assurance activities (audits, assessments, certifications)
  • Provide visibility into CTO’s compliance posture, risks, and systemic gaps
     

What you will focus on:

Global Compliance Framework
 

  • Build and maintain a global controls library in ServiceNow IRM (GRC), including creating, updating, and mapping controls to internal requirements and external frameworks
  • Keep controls current as requirements change by maintaining control language, attributes, ownership, applicability, and related indicators
  • Produce ServiceNow IRM reporting on control coverage and health (e.g., mapping coverage, testing progress, overdue actions, evidence freshness, exceptions, audit readiness), and dashboards providing a holistic view of compliance issues
     

Governance, Risk and Compliance Enablement
 

  • Partner with operational teams to apply governance, risk, and compliance requirements (e.g., business continuity, data privacy, records management, and security compliance)
  • Interpret regulatory, policy, audit, and certification requirements and help teams embed expectations into day-to-day operations
  • Identify risks, gaps, and control weaknesses; enable timely remediation and informed risk decisions
     

Audit and Assessment Support
 

  • Coordinate CTO participation in internal audits and external assessments (e.g., SOC 2, ISO 27001/17, HITRUST, NIST 2.0/CSA CCM)
  • Guide operational teams to deliver required activities, evidence, and responses that are complete, accurate, and on time
  • Track findings, action plans, and commitments; escalate risks, issues, and delays as needed
     

What You Need To Succeed
 

  • 3+ years of experience in GRC, IT risk, IT controls, audit, or compliance (technology environment preferred)
  • Hands-on experience in ServiceNow IRM (GRC) maintaining controls, indicators, and control-to-framework mappings
  • Experience mapping controls to common frameworks (e.g., ISO 27001/17, SOC 2, NIST, CSA CCM, HITRUST)
  • Experience producing metrics and reports from ServiceNow/Excel, and defining audit-ready evidence expectations for controls
  • Audit/assessment support experience (evidence coordination, issue tracking, remediation follow-up)
  • Familiarity with infrastructure and cloud services (networks, servers, storage, cloud platforms)
  • Strong communication skills and stakeholder management across technical teams and leaders

Organization: Sun Life
Industry: IT / Telecom / Software Jobs
Occupational Category: IT Governance and Compliance Analyst
Job Location: North York, Canada
Shift Type: Morning
Job Type: Full Time
Gender: No Preference
Career Level: Experienced Professional
Experience: 3 Years
Posted at: 2026-03-30 6:30 pm
Expires on: 2026-05-14