![Canadian National Railway](https://media.trabajo.org/img/noimg.jpg)
Senior Manager Governance, Risk
2 weeks ago
Job Summary
The purpose of this role is to establish and maintain an industry leading Governance, Risk & Compliance (GRC) practice, develop & mentor a team, and develop policies, standards, risk registries and metrics to comply with business and regulatory requirements and build resilience in people, systems and data to enable CN to reach strategic goals and objectives in the face of evolving cyber threats.
Main Responsibilities
Leading Others
Partner with HR to maintain and bring new talent to the organization by determining which skills and roles will be required in the future, supporting, and demonstrating diversity and inclusion, and by making thoughtful hiring decisions
Provide a positive and welcoming onboarding experience to all new employees by ensuring they have access to the tools and resources needed to fulfill the requirements of their job
Recognize employee milestones (service awards, retirements, etc.) as well as significant contributions and enhanced responsibilities
Focus on communications and foster collaboration by regularly providing updates to teams about ongoing initiatives and encouraging teams to work together to accomplish common goals and learning
Manage employee performance to enable potential and ensure employees not meeting expectations are identified and supported through the performance improvement process
Create and enable a positive and engaging work environment by ensuring individual strengths are uncovered and leveraged through frequent and focused conversations - collaborate, coach, and build connections with employees
Participate in succession planning by contributing to the yearly talent review cycle and identifying employees with the potential to move up the management and expertise paths
Support employee development by having regular career conversations with all employees (documented and tracked) and supporting them in reaching their career goals
Ensure knowledge is preserved through cross-training for key skill sets in the team (knowledge transfer)
Governance, Risk & Compliance (GRC) Practice Development
Direct and put in place the proper GRC organizational structure and practices to track and manage information and cyber risk for both IT and OT (Operational Technologies) environments and ensure compliance while enabling the business for digital transformation. Incorporating behavioral change as a key risk management strategy with security awareness training and testing.
Ensure the GRC processes are sustainable and properly documented
Maintain and build relevant, current, valid and reliable team knowledge related to governance, risk and compliance programs and practices.
Advance team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
Ensure the full documentation and timely updates of policies, standards, guidelines, risks, exceptions, management action plans, and GRC processes through clear diagrams and well-written documents
GRC Continuous Improvement
Collaborate with the CISO, cybersecurity team, portfolio managers, architects, business and I&T leadership to understand the business direction and consequent impact on the security posture and risk appetite
Monitor threat intelligence sources, Security Operations Center (SOC) reports, vulnerability management reports, internal audit reports, regulatory changes, industry reporting and business impact analysis to accurately identify and articulate the risk priorities and implement appropriate controls to maintain an appropriate security posture
Engage the cybersecurity vendor ecosystem to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners
Continuously monitor and evaluate the environment, including third party risk and subsidiaries, through self-assessments and independent security reviews as well as metrics against the framework. Identify deficiencies and inefficiencies and initiate improvement actions though engaging leadership and architecture.
Working Conditions
Occasional business travel (Canada and US) in accordance with CN policy
Requirements
Experience
Minimum 15 years overall work experience in audit, IT sales, or IT delivery
Minimum 10 years experience in IT audit or IT governance, risk and compliance
Minimum 5 years experience in managing IT governance, risk and compliance
Railroad, transportation, or Global industrial experience is a significant plus (asset)
Education/Certification/Designation
Bachelor's degree in Computer Science, Business Administration, System Analysis or other relevant field (or) an additional 5 years of relevant experience.
At least one recognized cybersecurity certification appropriate for GRC: e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified in Risk and Information Systems Control (CRISC), etc.
Competencies
Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological or process solutions that provide practical risk mitigation and business enablement
Significant experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations
Proven collaborative leadership and teamwork aligning to strategic business objectives
Excellent written and verbal English communication skills with French highly desirable, able to interact with a broad cross-section of personnel to explain risks and enforce security measures
Detail-oriented self-starter with a high level of commitment and personal motivation
Knack for prioritizing tasks and working in a fast-paced, Agile environment
Technical Skills/Knowledge
Knowledge and practical experience applying standards, frameworks, regulations, and legislation governing information security and privacy, e.g. NIST, ISO 27001, COBIT, SOX, PIPEDA
Knowledge and general understanding of IT and OT security controls and control models.
Knowledge of data classification, security policies and standards, strategic threat intelligence, threat modeling, vulnerability management, risk assessments, third party risk programs, risk management techniques, risk registries, regulatory compliance, security awareness training and testing, security metrics, security enforcement, and other relevant GRC areas of practice.
This position is posted as a grade LEVEL 5. For internal candidates, note that the grade level of the position may adjust based on the employee's experience.
About CN
CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.
For internal candidates, note that the grade level of the position will depend on the employee's experience.
CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.
-
Toronto, Canada BFL Canada Full timeWe offer more than a job, we offer a career! We support our employees to shape their career by encouraging continuing education and investing in training and development. We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding. We inspire people...
-
Toronto, Canada BFL Canada Full timeWe offer more than a job, we offer a career! We support our employees to shape their career by encouraging continuing education and investing in training and development. We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding. We inspire people...
-
Toronto, Canada BFL Canada Full timeWe offer more than a job, we offer a career! We support our employees to shape their career by encouraging continuing education and investing in training and development. We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding. We inspire people...
-
Toronto, Canada BFL Canada Full timeWe offer more than a job, we offer a career! We support our employees to shape their career by encouraging continuing education and investing in training and development. We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding. We inspire people...
-
Senior Manager, Regulatory Risk
2 weeks ago
Old Toronto, Canada Scotiabank Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Title: Senior Manager, Regulatory Risk & Governance Requisition ID: 187046Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Contributes to the overall success of the Global Finance, Regulatory Risk...
-
Senior Manager, Regulatory Risk
2 weeks ago
Old Toronto, Canada Scotiabank Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Title: Senior Manager, Regulatory Risk & Governance Requisition ID: 187046Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Contributes to the overall success of the Global Finance, Regulatory Risk...
-
Toronto, Canada Healthcare of Ontario Pension Plan Full timeWhy you’ll love working here:high-performance, people-focused cultureour commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selvesmembership in HOOPP’s world class defined benefit pension plan, which can serve as an important...
-
Old Toronto, Canada HOOPP Full timeSenior Manager, Technology Governance, Risk and Compliance page is loaded Senior Manager, Technology Governance, Risk and Compliance Apply locations Toronto, Ontario, Canada time type Full time posted on Posted 4 Days Ago job requisition id JR101651 Why you’ll love working here:high-performance, people-focused cultureour...
-
Old Toronto, Canada HOOPP Full timeSenior Manager, Technology Governance, Risk and Compliance page is loaded Senior Manager, Technology Governance, Risk and Compliance Apply locations Toronto, Ontario, Canada time type Full time posted on Posted 4 Days Ago job requisition id JR101651 Why you’ll love working here:high-performance, people-focused cultureour...
-
Senior Manager, Regulatory Risk
2 weeks ago
Toronto, Canada Scotiabank Full timeRequisition ID: 187046Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Contributes to the overall success of the Global Finance, Regulatory Risk Governance group (1B) ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s mandate and overall...
-
Senior Analyst, Model Risk Governance
4 days ago
Old Toronto, Ontario, Canada Canadian Imperial Bank of Commerce Full timeSenior Analyst, Model Risk Governance page is loaded Senior Analyst, Model Risk Governance Apply locations Toronto, ON time type Full time posted on Posted 4 Days Ago job requisition id We're building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what's right for our clients. At...
-
Senior Analyst, Model Risk Governance
2 weeks ago
Old Toronto, Canada Canadian Imperial Bank of Commerce Full timeSenior Analyst, Model Risk Governance page is loaded Senior Analyst, Model Risk Governance Apply locations Toronto, ON time type Full time posted on Posted 4 Days Ago job requisition id 2412921 We’re building a relationship-oriented bank for the modern world. We need talented,...
-
Senior Analyst, Model Risk Governance
2 weeks ago
Old Toronto, Canada Canadian Imperial Bank of Commerce Full timeSenior Analyst, Model Risk Governance page is loaded Senior Analyst, Model Risk Governance Apply locations Toronto, ON time type Full time posted on Posted 4 Days Ago job requisition id 2412921 We’re building a relationship-oriented bank for the modern world. We need talented,...
-
Toronto, Ontario, Canada Cari Full time $97,000 - $231,000Job Type:Permanent At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness. Our mission is to use data and analytics to deliver value for our clients. Our team understands exactly how data underpins a...
-
Manager, Governance Risk
4 days ago
Toronto, Ontario, Canada SkipTheDishes Full timeLocation: Toronto or Winnipeg (Hybrid)Attention-to-detail: highThought process:analyticalIntended result:a prosperous future — for you and Skip. As part of the Skip Finance team, you will work alongside business and technology leaders in a first line of defense capacity to provide pragmatic, future-thinking internal control solutions to address key...
-
Risk Management Governance, Senior Manager
4 weeks ago
Old Toronto, Canada HomEquity Bank Full timeFriday, May 3, 2024 WHO WE ARE HomeEquity Bank is a Schedule 1 Canadian chartered bank and the leading national provider of reverse mortgages, with a growing portfolio. As the only bank solely dedicated to serving homeowners 55 and up, we’re passionate about helping Canadian homeowners live retirement on their terms. We live that commitment every day,...
-
Risk Management Governance, Senior Manager
4 weeks ago
Old Toronto, Canada HomEquity Bank Full timeFriday, May 3, 2024 WHO WE ARE HomeEquity Bank is a Schedule 1 Canadian chartered bank and the leading national provider of reverse mortgages, with a growing portfolio. As the only bank solely dedicated to serving homeowners 55 and up, we’re passionate about helping Canadian homeowners live retirement on their terms. We live that commitment every day,...
-
Risk Management Governance, Senior Manager
4 weeks ago
Old Toronto, Canada HomEquity Bank Full timeFriday, May 3, 2024 WHO WE ARE HomeEquity Bank is a Schedule 1 Canadian chartered bank and the leading national provider of reverse mortgages, with a growing portfolio. As the only bank solely dedicated to serving homeowners 55 and up, we’re passionate about helping Canadian homeowners live retirement on their terms. We live that commitment every day,...
-
Manager, Risk Governance and Controls
2 months ago
Toronto, Canada TD Bank Full time394494BR Securities / Wholesale Banking Toronto, ON January 5, 2023 Company Overview **Job Description**: As a Manager, you will manage all integration related work against each pillar of the governance and controls (G&C) workstreams including 1B standards, Compliance, Operational Risk Management programs, Business Resilience and Incident management,...
-
Manager, Governance Risk
2 months ago
Toronto, Canada SkipTheDishes Full timeLocation: Toronto or Winnipeg (Hybrid) Attention-to-detail: high. Thought process: analytical. Intended result: a prosperous future — for you and Skip. As part of the Skip Finance team, you will work alongside business and technology leaders in a first line of defense capacity to provide pragmatic, future-thinking internal control solutions to address key...