Senior Compliance Security Specialist

Canadian Tire CorporationOakville, ON
CA$64,000 - CA$106,000

About The Position

The Information and Cyber Security Governance (IRGS) function is a dedicated team responsible for effectively managing and controlling information and cyber security within an organization. They develop and maintain policies, standards, and procedures/guidelines/process documents related to information and cyber security. The team identifies, assesses, and manages cyber risks, performs risk assessments, and reports on the organization's cyber risk profile. They promote a strong cyber risk and information security culture throughout the organization. Additionally, the IRGS team conducts vendor assessments, reviews hardware and software for security gaps, remediates deficiencies, and tests control effectiveness. They build partnerships with stakeholders across the organization, implement self-assessment processes incorporating risk and controls assessment in day-to-day activities, and contribute to adopting state-of-the-art tools and techniques. The team also escalates significant cyber-related issues or observed non-compliance or unethical behavior. It's important to note that the IRGS team reports directly to the Chief Information Security Officer (CISO) of CTB, who oversees the organization's overall information and cyber security strategy. This reporting relationship ensures alignment with strategic goals and facilitates effective coordination, collaboration, and decision-making between the IRGS function and other areas of the organization. In summary, the IRGS function plays a vital role in governing and managing information and cyber security to protect the organization's assets, data, and systems from potential threats while maintaining a direct line of communication with senior leadership through its reporting structure to the CISO.

Requirements

  • University degree or college diploma in technology.
  • Possess one or more professional certifications, such as CISSP, CISM, CISA, CCSP, CRISC etc.
  • Up to 5+ years of experience in understanding risks, audits and processes relating to Information/Cyber Security and IT.
  • Excellent communication skills.
  • Good documentation and presentation skills.
  • Creative thinker who takes initiative.
  • Problem solver with the ability to analyze and prioritize to meet business objectives.
  • Collaborative team player with superior influencing skills, who builds relationships easily.
  • Organized individual who is always seeking to automate or improve efficiency of procedures.
  • Creative thinker who is observant to seek new opportunities and perceptive to abstract ideas.
  • Goal driven individual to seek out continuous improvement opportunities.
  • The ability to take a collaborative approach to build strong relationships and have positive team experiences.
  • Flexible and dynamic individual who is able to adjust and prioritize accordingly to adapt to business demands and requirements.
  • Solid foundation of relevant technical skills.
  • Demonstrates behaviors of transparency, accountability agility and learning from others that will support your success.
  • Good understanding of vulnerability and configuration management procedures and how those impact an organization.
  • Good knowledge and understanding about penetration testing and application security.
  • Good scripting skills using Python or similar tools.
  • Experience with developing dashboards using Power BI.
  • Understands/Experience in risk assessments including third-party risk.
  • Good understanding and some experience of managing applications/platforms.
  • Have knowledge of security governance frameworks, policies and standards.
  • Understands principles of security controls testing.
  • Audit and/or IT risk management.
  • Knowledge of IT risk and control frameworks, COBIT 5, NIST CSF & ISO27001, CIS.
  • Understand System Development Life Cycle (SDLC) process and agile methodologies.
  • Familiarity with Data Privacy and Protection standards PCI, PII.
  • Basic knowledge of cryptography and encryption algorithms.
  • Familiarity with identity management controls including Multi Factor Authentication and Single Sign On.

Responsibilities

  • Spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in IT investments.
  • Partnering with stakeholders across the organization, including Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management, to assess cybersecurity risks, including 3rd party risk, and help teams determine mitigation strategies.
  • Acting as a champion in risk assessment of technologies and processes, including digital crown jewels and other compliance impacting technologies and processes.
  • Connecting the dots to improve and enhance risk assessment processes.
  • Understanding and collaborating with stakeholders for prioritizing and mitigating vulnerabilities identified within the environment through various assessment activities.
  • Following up on vulnerabilities, configuration and cloud gaps and tracking remediation.
  • Helping to mature the existing vulnerability management program.
  • Assessing third-party risk on the use of vendors for day-to-day operations.
  • Providing oversight, reporting, and metrics on risk functions.
  • Performing security risk assessments for various projects and changes.
  • Assisting with and documenting identified risks for presentation and approval from business and leadership.
  • Anticipating risk and assisting owners in building action plans for risk mitigation.
  • Reviewing risk assessments of non-senior team members and peers.
  • Validating operating effectiveness of IT general controls.
  • Maintaining risk and controls repositories and documentation.
  • Providing support for policy exception management procedures.
  • Assisting with metrics and reporting.
  • Managing platforms/applications within the mandate of the team.

Benefits

  • Comprehensive benefits and retirement programs
  • Performance incentives
  • Continuing Education Programs
  • Other perks to support your well-being
  • Career growth opportunities
  • Product discounts
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service