The Information Security Governance Sr Manager is a key resource to ensuring Interac Corp. “Security First” principles are embedded in all environments. The successful candidate will have knowledge of principles in security policies and standards and modern practices and a good understanding of security aspects of the various technologies. As a member of a dedicated Information Security team, the manager this role works closely with senior leadership, team members and staff across HR, Fraud, Operations, Infrastructure and Risk teams to ensure the organization is operating securely.
In this role, you are working with the various teams to maintain security posture of the organization. You want to know as much about the state of the environment as you can, and you can think outside the box when it comes to proposing solutions which will benefit the organization.
A key initiative will be achieving ISO 27001 Certification.
You’re great at…
Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services.
Assigned responsibility as the organization ISMS Officer.
Define and implement the security risk assessment framework
Proactively contribute to governance initiatives, providing technical and business advice, as well as insight on management processes.
Contribute to the development of governance and risk-related company policies.
Align and refine Information Security policies and standards with industry best practices, pertinent regulations and standards bodies.
Develop and document security processes to support security Lifecyle in the SDLC, vendor management office, project management office
Develop security requirements matrix mapped to organization’s policies and standards
Prepare and maintain risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and track these for remediation
Prepare, track and maintain risk acceptances and security exceptions.
Leverage expertise in Information Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization
Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
Perform assessments of the security program and assist with assessments by third parties
Participate and support security related audit
Serve as the key interface with external and internal auditors for security compliance related activities
Support development of enhancement to security awareness program
Provide security awareness training across the organization
Create and update technical documents in line with company policies
Evaluate and monitor third party vendors for security compliance
Ensure that effective BCP/DR policies and plans are in place and maintained
Keep abreast of the cybersecurity threats and assess their potential impact to Interac’s posture
Who are you?
You have a Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications
You have 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations
You have 3+ years of experience leading a team and have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution
You have experience with Information Security practice and processes including threat and risk assessments
You are highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders
You have strong service management and service delivery orientation
You have excellent presentation skills and an ability to present complex information in a manner suitable for technical and non-technical audiences
You have experience administrating GRC solution
You have working experience with Information Security Control Policies and industry standards: PCI, ISO 27001/2, NIST 800 Series.
You have knowledge of the security of cloud environments, vulnerability assessments, identity and access management
You have excellent knowledge in several areas of information security (domain knowledge)
You have a CISSP, CGEIT, CISA, CRISC, CISM and/or certifications
How we work
We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:
Connection: You’re surrounded by talented people every day who are driven by their passion of a common goal.