Information Governance Manager, Information Security

We are hiring
an Information Governance Manager
Reporting To
Senior Manager, GRC (Information Security)

Full-Time/Part- Time
Full-time

Posting Date
January 15, 2026

Closing Date
January 30, 2026

Salary Range
$99,833 - $149,833

Hours Of Work
8:30 a.m. – 5:00 p.m.

Grade
Office Location:

16.4

Toronto, ON

Great location Steps away from the main public transit station

What We Offer
Highly competitive compensation package which includes base salary,

bonus, benefits, and career advancement opportunities

• Eligibility for benefits is dependent on the terms of employment

The Opportunity
A strategic and integral member of the Information Security organization, the Manager, Information Governance is accountable for establishing and leading First National's enterprise Information Governance (IG) program—covering policy, standards, stewardship, lifecycle management, and compliance—while partnering closely with Business divisions, Privacy, Legal, IT, and Information Security.

This role ensures information is trusted, well‑classified, properly controlled, and governed by design, enabling risk reduction, regulatory compliance, and business value creation. The Manager will drive stakeholders in adoption across the enterprise through strong stakeholder engagement, training, and measurable outcomes.

How You Will Contribute
Strategy and Program Leadership

• Build, implement, and continually mature the enterprise Information Governance Strategy and Program—including vision, multi‑year roadmap, operating model, RACI, and funding plan.
• Establish information governance councils / stewardship forums and drive cross‑functional alignment (Business divisions, Privacy, Legal, IT, and Information Security).
• Define program KPIs and dashboards (coverage, control effectiveness, classification completeness, retention compliance, DLP incidents, etc.) and report to senior leadership.

Governance

• Develop, formalize, and maintain Information Governance policies and standards (Data Classification, Metadata, Access Governance, Records Retention & Disposition, Defensible Deletion, Legal Hold & eDiscovery, Acceptable Use).
• Maintain the Data Classification Scheme (public/internal/confidential/highly confidential; PII sensitivity overlays), guidance, and labeling rules; ensure currency and enforceability.
• Author and maintain procedures and playbooks for data lifecycle activities (intake, sharing, cross‑border transfers, archival, and destruction).

Information Identification & Classification

• Identify the current sources and repositories for the organization's data, for both structured and unstructured data, and map with the catalog of current controls.
• Collaborate with the business units (Data Owners) and Privacy Office to review and classify the business data, and work with Data Custodians to ensure that adequate controls are implemented commensurate to the associated risk.
• Review and monitor the data classification process.
• Implement the necessary data security protections aligned with the data classification and security policies.
• Identify, document and present data classification metrics to senior management.
• Periodically review the data discovery process (interview questions, tools, reporting) to check for accuracy and currency.
• Participate in training activities for data security and data classification best practices.

Controls Management

• Implement & maintain an approach to effectively design and implement a program that considers the relevant technical and process-based controls.
• Identify the set of technical controls involved in adequately securing the organization's sensitive data.
• Monitor security controls and measures to protect sensitive data.
• Create, implement, and review mechanisms and strategies to protect the confidentiality, integrity, and availability of data-at-rest, data-at-use, and data-at-transit.
• Manage tools associated that assist with Data security which have been implemented within the organization.

The Experience You Need

• Bachelor's degree in computer science/IT Management/MIS or the equivalent work. experience is required. Graduate degree preferred.
• A minimum of 5 years of prior Information Security Management experience is required with audit or implementation of relevant information security frameworks.
• Experience building and managing enterprise policies, standards, and stewardship programs and operationalizing retention, classification, and access governance.
• Familiarity with financial‑services regulatory context and control assurance.
• Demonstrated experience in project and/or program management is required, including planning, coordinating, and executing complex initiatives and leading cross-functional teams to achieve organizational objectives.
• Experience defining and implementing operating models to support governance program objectives.
• Proven ability to influence senior executive leadership and empower team members, including those outside of direct reporting lines.

Skills And Attributes

• A proven track record of planning and executing complex work efforts.
• Strong interpersonal communication, analysis, and writing skills.
• Superior verbal and written communication skills.
• Intermediate presentation and MS Excel skills.
• Able to align management and leadership strategies when working on projects.
• Ability to manage relationships, resolve conflicts and constraints, ensure compliance with ethical and professional standards when managing projects.

• Certifications (Preferred):

• IG/Privacy/Data Governance: IAPP CIPP/CIPM/CPPA (when available), CRM (Certified Records Manager).

• Security/GRC: ISO 27001 Lead Implementer/Auditor, CISM/CISSP, CISA, CDPSE.

Working Environment And Physical Demands Analysis

• Office environment
• Periods of high volume with tight timelines
• Long periods of stationary position/sitting
• Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
• Long periods of time in viewing a computer screen
• Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.

Why join First National?

• Competitive Compensation
• Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
• Hybrid working environment [select if applicable].
• Extensive training programs to set our employees up for success
• Modern office environment conducive to collaboration
• Supportive teamwork culture
• Opportunities to give back to the communities and work through events focused on a variety of charities
• Ongoing social events throughout the year

The Team You'll Join
Founded in 1988, First National is one of Canada's largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada's largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applications for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.
First National is proud to be an
equal
opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at

should you need an accommodation at any point in the recruitment process.

Artificial Intelligence is not used in our recruitment or hiring process for this role.
#FNLOON