Company: Fengate Asset Management

Address: Toronto, ON
Category: Banking

Job description

This role offers an exciting opportunity to take responsibility for the implementation and ongoing management of an ISO 27001 program and additional IT policies and procedures.

The IT Governance, Risk, and Compliance (GRC) Manager will be responsible for assessing, documenting, and strengthening the institution’s compliance and risk posture. This includes the planning and implementation of policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC Manager will work closely with all areas of the organization, vendors, and the IT team to lead and manage the governance, risk, and compliance-related activities described below.

KEY RESPONSIBILITIES

  • Assess and document the institution’s compliance and risk posture as they relate to its information assets and operating models across the business units.
  • Provide highly skilled, hands-on technical and information security expertise to enhance the development and implementation of the information security management system (ISMS) program. The GRC Manager will be accountable for identifying, developing, and implementing the necessary controls to ensure the organization’s ISMS program remains robust and current for the firm.
  • Be accountable for ensuring effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.
  • Operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates.
  • Set up a third-party vendor review process to ensure initial and ongoing compliance with our ISO 27001 standards.
  • Improve the organization’s security posture through continuous process improvement, policy automation, testing, and monitoring.
  • Define and document business process responsibilities, ownership, exceptions, and risks in a GRC tool.
  • Develop reporting metrics, dashboards, and evidence artifacts illustrating the effectiveness of the controls implemented.
  • Schedule regular assessments and testing of the effectiveness and efficiency of controls, and create GRC reports.
  • Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
  • Assist other staff in the management and oversight of IT security program functions.
  • Remain current on best practices and technological advancements, and act as the organization's technical resource for security assessment and ISO 27001 compliance.

Requirements

KEY QUALIFICATIONS

  • Minimum 7+ years of Information Security GRC-related experience.
  • Strong understanding of the ISO 27001 information security framework.
  • Demonstrated experience with Information Security Risk Management Programs, specifically helping to define an IS risk register which includes identifying threats and risks to the organization.
  • Skilled in identifying and measuring Key Performance Indicators and Key Risk Indicators.
  • Experience managing IT security programs in cloud-centric organizations.
  • Experience with key cloud providers and their respective IAM security products/solutions.
  • Excellent communication and relationship management skills with business stakeholders to identify and address top security risks.
  • Experience leading discussions, establishing outcomes, and negotiating paths forward with stakeholders.
  • Excellent analytical and problem-solving skills with attention to detail.
  • Proficiency in project management and experience in people leadership.
  • Ability to evolve security strategy based on research, data, business direction, and industry trends.
  • Excellent team player.
  • Able to meet timelines.

CORE COMPETENCIES

  • Being Authentic – Inspiring trust and being courageous.
  • Focusing on Performance – Being accountable and driving results.
  • Understanding Stakeholders – Knowing the needs of those who rely on you.
  • Building Effective Relationships – Collaboration and communication.

LOCATION

The position can be based out of either the Toronto or Oakville office.

Fengate is an equal opportunity employer. We strive to attract and retain a diverse workforce and are committed to promoting diversity, equity, inclusion, and belonging in the workplace. It is a core priority at Fengate to create, operate with, and continuously grow and sustain an inclusive culture that respects and connects the diversity of our team, our clients, our partners, and the communities we work in.

We are committed to providing accommodation for persons with disabilities. If you require accommodation, we will work with you to meet your needs.

We thank all applicants for their interest in this position; however, only candidates selected for an interview will be contacted.

Benefits

Team events
Refer code: 2148419. Fengate Asset Management - The previous day - 2024-03-04 12:58
