Specialist Information Security Grc (Governance, Risk & Compliance)

CN is looking for an Information Security GRC (Governance, Risk & Compliance) specialist to help sustain and grow our Information Security Compliance responsibilities .

Reporting to the Senior Manager GRC , the specialist will primarily be responsible for supporting Sarbanes-Oxley (SOX) regulatory compliance and other compliance management activities relating to cybersecurity and the Information Security program. The specialist will act as Subject Matter Expert (SME) for Information Security subjects including, but not limited to: SOX IT General Controls compliance and understanding Information Security regulatory frameworks such as Payment Card Industry (PCI), Transportation Security Association (TSA), and others; compiling and reporting associated metrics and compliance evidence; project support and GRC processes consulting; owning, managing, reporting, and auditing compliance against Information Security controls.

·Assess and challenge the effectiveness of Information Security requirements and controls by working collaboratively with system owners and other stakeholders.

·Provide primary leadership on maintaining, supporting, and operating the CN Information Security GRC framework, including ensuring regulatory compliance within the I&T business unit, management of security related policies, and constant evolution to adapt to business requirements.

·Communicate, oversee, and support security recommendations to meet business objectives in a proactive and pragmatic manner, ensuring an appropriate level of engagement with clients to ensure success.

·Ensure that adequate and effective Information Security controls are documented and followed.

·Collaborate withGRC Risk SMEs to ensure that any identified risks are appropriately logged and managed.

·Report on Information Security compliance, and their relationship with business impacts.

·Provide guidance during the assessment and/or review of new IT solution and/or new and existing technology to maintain compliance with regulatory (g., Sarbanes Oxley, PCI, SWIFT, etc.) and security requirements.

·Interact with other cybersecurity teams and various I&T entities as necessary to understand, apply, and enforce security requirements.

Requirements

Experience

·5+ years of experience in an Information Security / cybersecurity / compliance / IT Audit role

·Practical experience tracking and reporting KPIs/KRIs

·Previous experience in ensuring compliance with SOX IT General Controls or other IT controls is an asset

·Experience with GRC tools, ServiceNow, and/or Power BI is a plus

Education/Certification/Designation

Possess a Bachelor's Degree in an IT discipline or a related field -or- equivalent work experience.

Professional Designation in Information Security compliance or Security such as Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and/or other related designations.

Technical Skills/Knowledge

·Broad knowledge of Information Security processes and functions including risk management, vulnerability management, access management, and secure development

·Strongknowledge and practical experience applying standards, frameworks, regulations, and legislation governing Information Security and privacy, e.g. NIST, ISO 27001, COBIT, SOX, PIPEDA

·Knowledge and practical experience developing, managing, and updating Information Security policies, standards, procedures, and other documentation

·Knowledge and general understanding of IT and OT security controls and control models.

General Skills and Competencies

·Integrity with high ethical standards

·Effective communication and interaction with others

·Teamwork & collaboration in order to achieve common goals