AddressRequisition ID: 180533
Career Group: Corporate Office Careers
Job Category: Cyber Security Architecture & GRC
Travel Requirements: 0 - 10%
Job Type: Full-Time
Country: Canada (CA)
Province: Nova Scotia; Alberta; British Columbia; Ontario
City: Stellarton / Calgary / Vancouver / Mississauga
Location: Tahoe Office, Calgary Office, King St. Office, Vancouver Office
Postal Code: L4W 0C7
Our family of 134,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.
A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1500 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family.
Ready to Make an impact?
Sobeys is full of exciting opportunities, and we are always looking for bright new talent to join our team! We currently have a full-time opportunity for a Senior Cyber Security Specialist - GRC. This role can be based out of one our main offices including: Stellarton, NS; Mississauga, ON; Alberta, AB; Vancouver, BC.
Here’s where you’ll be focusing:
As a Senior Cyber Security Specialist - GRC with Sobeys, you will:
- Act as a subject matter expertise in Information and Technology risk and control.
- Maintain and proactively manage the cyber risk register, as well as perform IT risk and control self assessments to identify, monitor and evaluate IT risk, including for Third-Party or vendor risk management.
- Engage appropriate stakeholders in enhancing IT risk and control internal processes and risk management capabilities, assisting in the continuous improvement for managing relative IT risks.
- Assist/support IT functions and the enterprise risk management team to perform/conduct annual risk assessments and control testing across the organization.
- Assist with development, integration, and continuous improvement of the Enterprise IT Risk Management framework, including IT risk taxonomy, tools, risk appetite, IT risk metrics (KRI/KPI), and technology enablement.
- Analyze, document and prepare regular reporting to senior management on information security risk and our IT compliance.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Build and maintain effective relationships with cross-functional teams including program/project managers and other internal and external auditors, solution architect, legal, etc.
- Update and/or define cyber policies, processes and standards to enhance the overhaul cyber maturity.
- Perform any ad-hoc tasks as assigned to support the Manager IT GRC regarding all aspects of Enterprise and IT Risk Management.
#LI-Hybrid
What you have to offer:
Your experience and resume will show us:
- 8+ years of experience in information security, risk management and/or IT compliance.
- Professional designation in information security, control, and governance (e.g., CISA, CISSP, CIPP, CIPT, CRISC, CDPSE, PCIP, PCI-ISA) are desirable.
- University Degree in related field and/or equivalent experience.
- Strong working knowledge and experience working with IT risk and control frameworks and industry standards (NIST 800-53R5, NIST CSF, ISO 27001/02, COBIT, PCI and CIS 18).
- Experience working with IT-GRC tools is an asset (ServiceNow, Archer, OneTrust, Resolver, Tugboat, etc).
- Strong understanding of risk management frameworks and methodology
- Self-starter with excellent written and verbal communication skills, along with analytical, and problem-solving skills.
- Proven experience in writing policies, procedures, and reports.
- Excellent presentation skills for IT risk management training to medium to large sized audiences.
- Independently driven, resourceful, and able to deliver results with minimal direction.
- Any previous experience around PCI-DSS certification for a level 1 merchant, is an asset for this role.
The salary range for this position in [British Columbia] is [$90,666K - $125,000K per year]. We will consider factors such as your working location, work experience and skills as well as internal equity, and market conditions to ensure that you are paid fairly and competitively.
Our Total Rewards programs, for full-time teammates, goes well beyond your paycheque:
- Competitive Benefits Package, including health and dental coverage, life, short-term and long-term disability insurance, tailored to meet your needs.
- Access to Virtual Health Care Platform and Employee and Family Assistance Program.
- A Retirement and Savings Plan that provides you with the opportunity to build and add value to your savings.
- A 10% in-store discount at our participating banners and access to a wide range of other discount programs, making your purchases more affordable.
- Learning and Development Resources to fuel your professional growth.
- Paid Vacation.
Sobeys is committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.
While all responses are appreciated only those being considered for interviews will be acknowledged.
We appreciate the interest from the Staffing industry however respectfully request no calls or unsolicited resumes from Agencies.
