Sr. Manager, Technology Risk & Compliance
This position is responsible for facilitating the security governance, risk and compliance function. The individual is responsible for establishing and maintaining the overall cybersecurity risk management program, which is designed to ensure that the company’s technology systems and data are adequately protected. The individual will work with various clients, business units, and other internal departments and organizations to implement practices that meet the company's defined policies and standards for information risk management. The Security GRC team is responsible for providing oversight and governance over all cybersecurity-related activities within the company to ensure management awareness, metrics and compliance posture of the cybersecurity environment.
You will be accountable to:
- Provide management oversight and serve as the lead point of contact for the Cybersecurity Risk and Compliance team
- Take end-to-end ownership of cybersecurity-owned programs and related teams including security policies, vendor risk and compliance management, regulatory audits and compliance management, metrics, risk and performance indicators, executive and board reporting, security awareness and training, security integration and assessment of M&A and related ventures
- Be responsible for the development of security risk management using continuous self-assessments and executive reporting
- Provide continuous input to the CISO and help measure the cybersecurity risk posture of the company
- Provide leadership and engage with lines of business to perform security assessments and ensure timely execution of projects and programs while mitigating any security risks
- Manage and operate the third-party security risk management program and teams
- Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies, and drive remediation efforts
- Provide leadership and guidance to the team in the areas of business knowledge, security operations, strategy and best practices
Your experience includes:
- Bachelor’s degree in Computer Technology or a related field of study
- Professional Security designation – CISSP or equivalent is required
- 10+ years of experience in running a cybersecurity GRC role or a related function
- Knowledge of security standards including NIST, ISO27001, PCI DSS and PA DSS, along with deep experience in understanding regulatory and industry standards such as PCI, ISO standards, NIST framework, SSAE, etc.
- Experience with a wide array of security platforms, protocols, tools, and technologies
- Hands-on leadership experience in authoring security policies, developing standards, and deploying GRC solutions to effectively manage and measure the cyber risk posture
- Technically strong in understanding and solving complex cybersecurity challenges, having a track record of leading the delivery of complex, multi-faceted technology initiatives
- High degree of technical complexity and conservancy
- Excellent communication skills – ability to communicate at all levels of an organization, in addition to strong project management, analytical and problem-solving abilities
Note: Applicants must be eligible to work in Canada
Please send your resume to firstname.lastname@example.org