Manager, Governance, Risk and Compliance

**About us**

We are an organization driven by purpose. We are obsessed about serving Canadians and we are deeply committed and passionate about protecting their hard-earned money when it matters most. We live our promises and commitments every day by serving Canadians as one, and we have their best interest at heart. We strive to build an inclusive, accepting culture with commitment, determination and a bias for action.

The right challenge is waiting for you Discover how valuable your experience can be and join our team.

**About the role**

As a Manager, Governance, Risk and Compliance (GRC) you will be responsible for overseeing the organization's cyber security governance, risk management, and compliance efforts. The role involves working with a team of cyber security professionals and working closely with other departments and stakeholders to ensure the organization's data and assets are protected and compliant with relevant laws, regulations, standards, and best practices.

This role can be performed from our Toronto or Ottawa offices, following a hybrid model approach. #LI-Hybrid

**We trust you will be up to the challenge**
- Support CDIC’s cyber security strategy by identifying the need for, and fulfilling the development and implementation of administrative security controls to protect the organization’s data and assets, through policies, procedures, security awareness, and security assessments.
- Lead CDIC’s compliance efforts with relevant information security and privacy-related obligations as required by laws, regulations, standards, and by following best practices and adopting security frameworks such as ISO 27001, NIST, ITSG-33, and COBIT.
- Manage the organization's risk management program, including identifying and assessing risks, developing risk mitigation plans, and monitoring and reporting on risk management activities.
- Manage CDIC’s cyber security team, including recruiting, training, and developing staff.
- Collaborate with other departments such as Legal, Technical Services, and Internal Audit, as well as external stakeholders to ensure the organization's cyber security policies and procedures align with business objectives.
- Remain up to date with the latest cyber security threats and trends, and promote and foster a culture of continuous improvement across the organization to increase organizational maturity and reduce risk.
- Create reports for CDIC’s management team and Board of Directors to provide visibility on trends and to measure the overall effectiveness and performance of the cyber security program.
- Coordinate post-incident meetings between impacted stakeholders to identify the root cause of such incidents, identify recommendations to prevent future occurrence of similar incidents, and ensure the implementation of any such recommendations.
- Ensure security controls are operating effectively by maintaining control documentation, performing periodic reviews, and coordinating with others to maintain compliance.
- Complete the annual SWIFT attestation activities that are required for financial institutions

**About you**

You take pride in your work and are passionate about having an impact. You face challenges head-on, are an excellent communicator and collaborator, and act with integrity.
- Ability to weigh and balance risk versus business requirements to ensure cybersecurity, audit policies and practices, are aligned with organizational risk appetite.
- Ability to facilitate discussions with highly technical teams to identify root causes of security incidents, and to effectively explain these findings verbally and in writing to non-technical audiences.
- Strong leadership and project management skills.
- Strong analytical and problem-solving skills.
- Strong communication, presentation, and interpersonal skills

**We trust you will bring your expertise**
- Bachelor's degree in a related field such as Computer Science, Information Systems, Cyber Security, or Business Administration.
- Minimum of 10+ years of experience in Cyber Security and Governance, Risk and Compliance roles.
- Certification such as CISSP, CISM, or CISA is required.
- Knowledge of risk assessment methodologies and risk remediation is required.
- Strong knowledge of relevant industry standards such as ISO 27001, NIST, and ITSG-33.
- Experience with incident response, disaster recovery, and risk management.
- Experience leading a team of information security professionals is required.
- Experience working with auditors and regulatory bodies is required.
- Experience conducting third-party auditing.
- Experience using GRC tools.
- Experience using ServiceNow to measure performance, identify trends, and resolve problems.
- Experience working in a highly regulated industry is a plus.
- Certification in ITIL is a plus.

**Must have**

Language Requirements: English Essential

Security Clearance: Eligibility to obtain a Secret level security clearance

**Sound like you?