IT Compliance Lead

Odyssey Reinsurance Company (OdysseyRe) is the global reinsurance arm of Odyssey Group, one of the world's leading providers of reinsurance and specialty insurance. OdysseyRe offers a broad range of property, casualty, and specialty reinsurance products, providing capital and risk management solutions for clients to efficiently manage economic risk through a network of branch and representative offices across North America, Latin America, EMEA (Europe, Middle East & Africa), AsiaPacific and London. OdysseyRe is an equal opportunity employer with excellent benefits and a strong commitment to providing training and opportunities for our staff. We provide employees an innovative, enriching environment and take great pride in their career growth. OdysseyRe is rated A+ (Superior) by AM Best and AA- (Very Strong) by Standard and Poor's. Odyssey Group is a subsidiary of Fairfax Financial Holdings Limited, which is traded on the Toronto Stock Exchange under the symbol FFH. IT Compliance Lead

Location:

Hybrid (preferred: Stamford, CT or other Odyssey Reinsurance offices)

Department:

IT Governance, Risk, and Compliance (GRC)Reports to: IT GRC Lead /

Head of IT Risk & ComplianceEngagement:

Contract-to-Hire Role Overview The IT Compliance Lead will play a critical role in strengthening Odyssey's IT control environment across our global technology landscape. This position will directly support the company's SOX ITGC, DORA, and internal control improvement initiatives by maintaining the Common Control Set, facilitating compliance self-assessments, coordinating targeted control reviews, and supporting audit readiness and remediation tracking.

The ideal candidate brings a mix of control understanding, process discipline, and collaboration skills to drive consistency, documentation quality, and audit confidence across all IT towers and applications. Key Responsibilities Control Framework Management

• Own and maintain the Common Control Set, ensuring accurate mapping to SOX ITGCs, DORA, and other regulatory requirements.
• Coordinate control applicability assessments across infrastructure, application, and security domains.
• Partner with control owners to maintain control documentation, narratives, and evidence libraries in the GRC system (ServiceNow GRC implementation underway).
• Support alignment of control testing and applicability to standardized SDLC and operational frameworks (DeliverSecureIT, Secure SDLC, etc.). Compliance & Risk Assessment
• Lead or coordinate compliance self-assessments, documenting effectiveness and control gaps.
• Execute targeted compliance assessments (e.g., UAR, patch management, change management, logical access, backups, DR, etc.).
• Track remediation and validate evidence prior to internal and external retesting.
• Assist in maintaining the IT Risk Register and facilitate risk acceptance/exception documentation. Audit Preparation & Coordination
• Act as a primary point of contact for internal and external auditors (PwC, IA, Fairfax Audit Committee).
• Prepare and coordinate audit requests, walkthroughs, and evidence submissions, ensuring accuracy and timeliness.
• Maintain a centralized issue/finding repository and coordinate remediation updates and validation testing with control owners.
• Support root-cause analysis and trend reporting for recurring audit issues. Process Improvement & Governance
• Help document and refine processes, procedures, and controls to improve auditability and reduce manual effort.
• Participate in the rollout of ServiceNow GRC for issues, controls, risks, and policy management modules.
• Support the continuous improvement of IT governance and compliance scorecards, dashboards, and RAG tracking.
• Promote a "right-sized control culture" — balancing compliance with operational efficiency. Qualifications
• Bachelor's degree in Information Systems, Accounting, or related field.
• 5-10+ years of experience in IT audit, IT risk, or IT compliance roles (internal audit, external audit, or control owner experience strongly preferred).
• Understanding of SOX ITGCs, COBIT, DORA, and common frameworks such as NIST CSF or

ISO 27001.

• Strong documentation, communication, and organization skills — ability to manage competing priorities across global teams.
• Experience with GRC tools (ServiceNow GRC) highly desirable.
• Familiarity with Azure, ServiceNow, SailPoint, or other enterprise IT environments a plus.
• Collaborative mindset with a strong sense of ownership and accountability. Key Attributes

Analytical & Detail-Oriented:

Spots gaps before auditors do.

Process-Driven:

Brings structure to compliance execution.

Relationship Builder:

Works well with IT operations, app owners, and auditors.

Continuous Improver:

Sees compliance as a path to maturity, not bureaucracy. We are an E-Verify employer - all hired positions require successfully passing an E-Verify Check. Navigate the links below to learn more about careers at OdysseyRe. Workplace Initiatives Career Areas for Professionals A Rewarding Workplace Follow us on LinkedIn for company highlights