Manager, IT GRC

407 ETR
Vaughan, ON
CA$160,000 - CA$185,000
Onsite

About The Position

Reporting to the Senior Manager – Security Architecture and Governance, the IT Manager – Governance, Risk & Compliance (GRC) plays a key role in ensuring information security and compliance at 407 ETR by being responsible for developing and maintaining thorough internal and external audits, the vendor due diligence program, and the security risk management program. In collaboration with relevant stakeholders, they develop, maintain and update all IT Security related policies and control processes within the 407. The incumbent is an experienced professional with expertise in, and passion for, leading and improving organizational processes to ensure Compliance and Risk Management. The Manager will need to balance information security risk and compliance requirements with business enablement.

Requirements

  • Minimum of 7 years of IT security, Information Risk Management or related work experience
  • College Diploma or University Degree in Computer Engineering, Computer Science, or Audit preferred
  • Intermediate to strong working knowledge of O365 and AWS
  • Experience with GRC
  • Experience with the following IT Security Frameworks required: Payment Card Industry Data Security Standards (PCI DSS), ISO 27001 / 27002, Control Objectives for Information and Related Technology (COBIT), NIST Cybersecurity Framework preferred
  • Demonstrated ability to work with internal stakeholders and external vendors

Nice To Haves

  • One or more of the following or related certifications preferred: Certified Information Systems Auditor (CISA); Certified Information Systems Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified in the Governance of Enterprise IT (CGEIT); Certified Information Systems Security Professional (CISSP)
  • Familiarity with Agile methodologies such as Lean, Scrum and Kanban preferred

Responsibilities

  • Drive change and leadership best practices. Draws upon and supports corporate programs to bring consistency to our people strategy. Provides input and direction on future talent programs. Supports Diversity Equity and Inclusion while establishing trust and transparency in a safe and productive work environment.
  • Work closely with business units to achieve compliance with requirements and to address related questions and issues.
  • Ensure standards, processes, procedures, and associated metrics are documented and met.
  • Consult with Application Security, Risk and Controls (Access, Process control).
  • Facilitate, prepare and support internal and third-party audits.
  • Conduct risk assessments.
  • Further enhance and mature the existing security and awareness framework to strengthen enterprise risk management, security & awareness, and compliance.
  • Assist with Disaster Recovery and Business Continuity planning initiatives.
  • Perform assessments and associated remediation activities to ensure systems and controls are configured in accordance with established policy, best practice guidelines and designated compliance frameworks.
  • Develop and improve information risk management strategies and processes.
  • Manage and perform risk assessment initiatives, risk registry, etc.
  • Enact risk rationalization and implementation of mitigation strategies and monitoring across IT.
  • Maintain information risk tolerance threshold metrics and provide guidelines on ensuring information risk exposure is within tolerance limits.
  • Identify and communicate issues and risks and work with cross-functional teams to establish risk mitigation strategies where applicable.
  • Ensure compliance adherence across programs and initiatives in respect to legislation and regulation, i.e. PCI, ICFR, ITGC
  • Perform assessments of technology solutions, third parties, etc., ensuring compliance to the defined security policies, standards and procedures.
  • Assist the development and maintenance of 407 ETR security policies, procedures and related documents.
  • Work on governance frameworks, work with IT Leadership in order to upscale/improve governance methodology and reporting.
  • Oversee information security governance related initiatives.
  • Assist in the development and maintenance of a Data Governance program including Integration, Classification, Storage and Quality management

Benefits

  • Diversity Equity and Inclusion initiatives
  • Trust and transparency in a safe and productive work environment
  • Accommodation for disabilities or other grounds protected by human rights legislation is available upon request for candidates taking part in all aspects of the employment selection process.