Information Security Governance, Sr. Manager
The Information Security Governance Sr. Manager is a key resource to ensuring Interac Corp. “Security First” principles are embedded in all environments. The successful candidate will have knowledge of principles in security policies and standards and modern practices and a good understanding of security aspects of the various technologies. As a member a dedicated Information Security team, the manager of Information Security Governance works closely with senior leadership, team members and staff across HR, Fraud, Operations, Infrastructure and Risk teams to ensure the organization is operating securely.
In this role, you are working with the various teams to maintain security posture of the organization. You want to know as much about the state of the environment as you can, and you can think outside the box when it comes to proposing solutions which will benefit the organization.
A key initiative will be achieving ISO 27001 Certification.
You’re great at…
Managing direct and indirect staff and responsible for ongoing recruitment, performance evaluation, coaching, development and mentoring a team of highly specialized security professional
Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services.
Define and implement the security risk assessment framework
Proactively contribute to governance initiatives, providing technical and business advice, as well as insight on management processes.
Contribute to the development of governance and risk-related company policies.
Align and refine Information Security policies and standards with industry best practices, pertinent regulations and standards bodies.
Develop and document security processes to support security Lifecyle in the SDLC, vendor management office, project management office.
Develop security requirements matrix mapped to organization’s policies and standards
Prepare and maintain risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and track these for remediation
Prepare, track and maintain risk acceptances and security exceptions.
Leverage expertise in Information Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization
Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
Perform assessments of the security program and assist with assessments by third parties
Participate and support security related audit.
Serve as the key interface with external and internal auditors for security compliance related activities.
Support development of enhancement to security awareness program.
Provide security awareness training across the organization.
Create and update technical documents in line with company policies.
Evaluate and monitor third party vendors for security compliance.
Ensure that effective BCP/DR policies and plans are in place and maintained.
Keep abreast of the cybersecurity threats and assess their potential impact to Interac’s posture.
Who are you?
You have a Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications.
You have 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations.
You have 3+ years of experience leading a team and have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution.
You have experience with Information Security practice and processes including threat and risk assessments.
You are highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders.
You have strong service management and service delivery orientation.
You have excellent presentation skills and an ability to present complex information in a manner suitable for technical and non-technical audiences.
You have experience administrating GRC solution.
You have working experience with Information Security Control Policies and industry standards: PCI, ISO 27001/2, NIST 800 Series.
You have knowledge of the security of cloud environments, vulnerability assessments, identity and access management.
You have excellent knowledge in several areas of information security (domain knowledge)
You have a CISSP, CGEIT, CISA, CRISC, CISM and/or certifications.