Infosec Specialist, Grc

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:
- Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few- In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1- A hybrid work model that truly balances work and personal life- Opportunities for learning, training and development, and much more...

POSITION OVERVIEW

The Cybersecurity Governance, Risk, and Culture department is seeking a talented individual to play a crucial role within the team, aligning these functions with BDC’s business objectives. The InfoSec Specialist will work collaboratively with InfoSec squads, IT teams, and other lines of defense to ensure robust risk management and strategic decision-making. This position encompasses more than traditional GRC activities, including performance measurement, strategic planning, and security reporting. The specialist will be part of a transformation towards an agile mindset, where squads are empowered to make key decisions within their scope, including how they work, which tools to use, and how to achieve their objectives.

KEY ACTIVITIES

You will be assigned to one of our squads and have the following responsibilities:
Governance, Risk, and Compliance- Develop and maintain governance documents (policies, directives, procedures, standards).- Establish and uphold our risk and controls framework.- Monitor compliance with legal, regulatory, and industry standards.- Perform and support control assessment activities (effectiveness, maturity).- Deliver comprehensive risk assessments/reviews, including identifying and documenting risks and controls.- Support internal and external audits and ensure audit readiness.- Track action plans.- Assess third-party security and perform ongoing monitoring activities.

Performance Measurement & Reporting- Define and track key performance indicators (KPIs) of our controls and key risk indicators.- Analyze trends and performance data to identify areas for improvement.- Prepare and deliver regular reports and dashboards for senior leadership.

Strategy & Strategic Planning- Contribute to the development of the InfoSec strategy and strategic plan.- Track the progress of the InfoSec strategic plan.- Identify emerging threats, risks, and opportunities to evolve our framework.- Support InfoSec transformation initiatives to align with new corporate and IT orientations.

CHALLENGES TO BE MET-
- Perform in-depth analyses of our risks and controls, synthesize data and observations, and effectively communicate conclusions.- Gain buy-in and cooperation from stakeholders across departments with differing priorities and foster a culture of accountability over risks and controls.- Enable our governance capability through data-driven performance measurement to assess the effectiveness, efficiency, and experience of InfoSec controls.- Produce clear and structured documentation that supports transparency and traceability.- Stay ahead of new threats and adjust frameworks accordingly.-
- Demonstrate leadership skills, work independently and thrive in a dynamic, deadline-focused environment.- Demonstrate excellent verbal and written communication skills in both official languages

WHAT WE ARE LOOKING FOR:- Development of governance documents- Management of risk and control frameworks- Risk assessment, including third-party risk assessment- IT audits and control assessments- Development of performance indicators and delivery of executive reports- Development of InfoSec strategy- Excellent knowledge of risk management and internal control frameworks such as ISO 27001, NIST, COBIT, OSFI.- Excellent knowledge and experience with Microsoft products and platforms (especially Excel, PowerPoint, PowerBi, SharePoint)- B.A./B.S in Computer Science, Information Security, Engineering, or equivalent discipline or CPA.- Relevant IT audit certifications are a plus, such as:
- Certified in Risk and Information Systems Control (CRISC)- Certified Information Systems Auditor (CISA)- Certified Information Security Manager (CISM)- ISO 27001 Lead Implementer or Auditor

INDHP

.