Governance, Risk & Compliance, Lead

About The Position

Requirements

• Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications
• CISSP, CISA, CRISC, CISM
• 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations
• Strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution
• Experience implementing and managing a Governance Risk and Compliance Tool
• Experience with Information Security practice and processes including threat and risk assessments
• Experience managing risk throughout the risk lifecycle
• Highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders
• Strong service management and service delivery orientation
• Excellent presentation and communication skills and an ability to present complex information in a manner suitable for technical and non-technical audiences
• Working experience with Cybersecurity Frameworks and industry standards: ISO 27001/2, PCI DSS, CIS, NIST 800 Series.
• Knowledge of the security of cloud environments, vulnerability assessments, identity and access management
• Excellent knowledge in several areas of information security (domain knowledge)
• Eligibility to work for Interac Corp. in Canada in a full-time capacity

Responsibilities

• Expertise leading the implementation and ongoing management of the Governance Risk and Compliance Tool (GRC Tool) for Information Security
• Preparing and maintain risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and track risks for remediation
• Reporting on and measure the effectiveness of the technical controls via security metrics.
• Enhancing and maintaining the security risk assessment framework
• Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes
• Aligning and refining Information Security policies and standards with industry best practices, pertinent regulations and standards bodies (ISO 27001/2, PCI DSS, CIS, NIST Series)
• Developing security requirements matrix mapped to organization’s policies and standards
• Prepare, track and maintain risk acceptances and security exceptions.
• Leverage expertise in information security risk management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
• Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization
• Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services
• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
• Participate and support security related and serve as a key interface with external and internal auditors for security compliance related activities
• Support development, enhancement, and socialization of the security awareness program
• Create and update technical documents in line with company policies
• Ensure that effective BCP/DR policies and plans are in place and maintained
• Keep abreast of the cybersecurity threats and assess their potential impact to Interac’s posture

Benefits

• Short-term incentive plan
• Generous vacation and wellness days
• Comprehensive employer-paid benefits coverage
• Market-leading employer-funded RRSP program
• Flexible hybrid work model
• Free and confidential 24/7 employee & family assistance program
• Pregnancy and parental leave top-up
• Charitable donation matching with United Way