Job Description
Role : Senior Manager of Security Governance, Risk, and Compliance
You will be responsible for assessing compliance obligations, maintaining the information security risk management program and governing the overall information security control environment.
Additionally, your role will include the responsibility of ensuring that information security risks are clearly understood, monitored and communicated and that the information security risk management program is formally integrated with the Integrated Risk Management function.
If you have experience in an enterprise organization leading a team of security professionals and are looking for your next big challenge, we want to hear from you!
Responsibilites :
Maintaining a comprehensive Information Security Risk Management program for identifying, assessing, managing and reporting information security risk.
Maturing the information security risk management framework ensuring alignment with Integrated Risk Management terminology, definitions and nomenclature quantitatively representing information security risk relative to established tolerances.
Understanding information security obligations in relation to regulatory and industry requirements, compliance commitments and internal / external audit observations.
Designing, implementing, and maintaining an information security risk register and security controls library.
Managing control effectiveness testing activities ensuring validity and accuracy of implemented controls.
Establishing and maintaining repeatable processes to ensure a secure relationship with third parties and vendors including security certification compliance validation, security control verification and conducting third party / vendor security risk assessments.
Providing oversight to team members and contractors, influencing them to take positive action and accountability for their assigned work and responsibilities.
Creating procedures for the purpose of establishing standard behaviors contributing to the achievement of defined service levels and regulatory commitments.
Ensuring that data and services are consumed in a secure manner, achieving confidentiality, availability and integrity expectations.
Managing resource time and costs associated with contractors and all after-hours support ensuring alignment to approved budget.
Essential Education and Experience :
College diploma or university degree with a minimum of 5 years related experience or a minimum of 10 years of equivalent experience.
5-7 years of progressive experience in Information Security and 3-5 years of managerial experience guiding a team of security risk management resources.
Extensive experience conducting security risk assessments.
Strong familiarity with industry frameworks and financial industry regulations; PCI, Interac, ISO 31000, NIST Risk Management Framework, etc.
Experience operating within a large enterprise environment.
Essential Professional Competencies :
Strong communication skills and developed interpersonal and leadership abilities.
Knowledge of approaches, tools and techniques for managing and reporting on security risk.
Ability to use critical judgement to make decisions and solve problems involving various levels of complexity, ambiguity and risk.
Strong organizational skills with an ability to effectively prioritize. Good analytical skills and a strong attention to detail.
Experience in managing vendors towards service and / or contractual commitments.