Governance Risk

Governance Risk and Compliance, Lead

The Governance Risk and Compliance, Lead is a key resource to ensuring Interac Corp. "Security First" principles are embedded in all environments. The successful candidate will have knowledge of principles in security policies and standards and modern practices and a good understanding of security aspects of the various technologies. As a member a dedicated Information Security team, The Governance Risk and Compliance Lead works closely with senior leadership, team members and staff across Risk, Audit, Legal, HR, Fraud, Operations, and Infrastructure teams to ensure the organization is operating securely.

In this role, you are working with the various teams to maintain security risk posture of the organization. You want to know as much about the state of the environment as you can, and you can think outside the box when it comes to proposing solutions which will benefit the organization.

A key initiative will be maintaining ISO 27001 Certification.

You're great at…

• Expertise leading the implementation and ongoing management of the Governance Risk and Compliance Tool (GRC Tool) for Information Security
• Preparing and maintain risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and track risks for remediation
• Reporting on and measure the effectiveness of the technical controls via security metrics.
• Enhancing and maintaining the security risk assessment framework
• Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes
• Aligning and refining Information Security policies and standards with industry best practices, pertinent regulations and standards bodies (ISO 27001/2, PCI DSS, CIS, NIST Series)
• Developing security requirements matrix mapped to organization's policies and standards
• Prepare, track and maintain risk acceptances and security exceptions.
• Leverage expertise in information security risk management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
• Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization
• Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services
• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
• Participate and support security related and serve as a key interface with external and internal auditors for security compliance related activities
• Support development, enhancement, and socialization of the security awareness program
• Create and update technical documents in line with company policies
• Ensure that effective BCP/DR policies and plans are in place and maintained
• Keep abreast of the cybersecurity threats and assess their potential impact to Interac's posture

Who are you?

• You have an excellent knowledge information security with Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications CISSP, CISA, CRISC, CISM
• You have 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations
• You have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution
• You have experience implementing and managing a Governance Risk and Compliance Tool
• You have experience with Information Security practice and processes including threat and risk assessments
• You have experience managing risk throughout the risk lifecycle
• You are highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders
• You have strong service management and service delivery orientation
• You have excellent presentation and communication skills and an ability to present complex information in a manner suitable for technical and non-technical audiences
• You have working experience with Cybersecurity Frameworks and industry standards: ISO 27001/2, PCI DSS, CIS, NIST 800 Series.
• You have knowledge of the security of cloud environments, vulnerability assessments, identity and access management
• You have excellent knowledge in several areas of information security (domain knowledge)
• Eligibility to work for Interac Corp. in Canada in a full-time capacity

Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:

• Canadian criminal record check;
• Public safety verification;
• Canadian ID cross-check;
• 5-year employment verification;
• Education verification; and
• If applicable, Credit Inquiry and Social Media Check

How we work

We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:

Connection: You're surrounded by talented people every day who are driven by their passion of a common goal.

Core Values:They define us. Living them helps us be the best at what we do.

Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.

Education: To ensure you are the best at what you do we invest in you

Please be aware of certain individuals fraudulently using Interac Corp.'s name and logo to offer fictitious employment opportunities. Interac Corp. will never ask, solicit, nor accept any monies in exchange for employment opportunities. Any such offers of employment are fraudulent and invalid, and you are strongly advised to exercise great caution and disregard such offers and invitations.

Please note that under no circumstances shall Interac Corp. be held liable or responsible for any claims, losses, damages, expenses, or other inconveniences resulting from or in any way connected to the actions of individuals performing such fraud. Further, such fraudulent communication shall not be treated as any kind of offer or representation by Interac Corp. or its subsidiaries and affiliates.