Director, Cyber Security GRC

86469
Toronto, Ontario
Permanent/Direct Hire
7 days ago

Director, Cyber Security GRC
Full Time Permanent
Toronto on-site preferred

Client: Canadian Tire
About Us
Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies, with more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies where career opportunities are wide-ranging! Join us; there's a place for you here.

The Director of Cyber Security GRC is accountable for leading new initiative and existing solution cyber security risk assessments, managing third-party cyber security risk throughout the partnership lifecycle, driving cyber security policy and standards compliance, and overseeing audit and regulatory obligations. Reporting to the Vice President & Chief Information Security Officer, this role ensures cyber risks are properly articulated, compliance gaps are minimized, and stakeholders receive clear, actionable guidance to support secure technology delivery. The Director partners closely across Engineering, Tech Platforms, Threat Surface Management, and Enterprise Risk to align on cyber standards, support secure software development, and meet key enterprise governance requirements.

What you’ll do
New initiative and existing solution cyber security risk assessment

  • Assess all new initiatives integrating technology against relevant cyber security risks
  • Ensure all risks are properly articulated to stakeholders and appropriate decisions and actions are taken before release
  • Deliver a cyber security risk-aware process for all initiatives to inherently reduce residual risk

Third-party cyber security risk lifecycle management

  • Ensure appropriate vendor cyber security risks are assessed throughout the partnership lifecycle
  • Decrease active partnership risks through ongoing procurement and business engagement

Cyber security policy and standards compliance

  • Ensure compliance with cyber security policies and standards is reviewed, and owners take action to minimize compliance gaps vs targets
  • Maintain visibility to compliance impact on residual risk vs target

Audit and regulatory obligations

  • Accountable for all processes to maintain PCI compliance including testing, technology improvements, and reporting accountabilities
  • Work directly with internal and external audit to ensure plans are aligned to strategy
  • Ensure appropriate updates and required material are provided as committed

Cross-functional leadership and alignment

  • Collaborate with AVP, Develop & QE Practices to ensure security standards are followed in software development and engineering execution
  • Align with AVP, Cyber GRC on cyber capability standards driven by GRC policies and standards
  • Align with AVP, Threat Surface Management to support effective detection, response, and recovery processes
  • Partner with VP, Infra Services / SVP, AI & Tech Platforms to set and assure requirements for SecOps capabilities (IDAM, vulnerability management)
  • Partner with Enterprise Risk Management to adhere to risk management lifecycle programs and processes

Governance, metrics, and decision-making

  • Drive individual and shared metrics including initiative assessments, compliance to policies and standards, third-party cyber risk reduction, and deficiency close rates
  • Manage cost targets and contribute to cyber spend vs budget
  • Own cyber security policy and standards compliance, third-party cyber security risk management, and internal/external audit lifecycle
  • Influence risk prioritization, audit prioritization, and enterprise risk and internal audit processes

Who you are:
We are looking for individuals who are:

  • Outcome focused, critical thinkers with the ability to analyze and visualize, to ensure continuous improvement across our entire business
  • Creative and courageous, with the ability to manage in an environment of change and ambiguity to help us take bold, strategic moves in this rapidly evolving retail environment
  • Collaborative team player with superior influencing skills and strong communication capabilities who fosters and builds relationships easily across various stakeholder groups to move initiatives forward
  • Inclusive leader who develops, coaches and mentors teams that effectively anticipate and respond to disruption, while consistently delivering strong performance
  • Action oriented, and comfortable taking calculated risks to better serve our customers and business
  • Detail-driven leader with a track record of delivering large-scale capability uplifts on time and to budget

If you’re curious, ready to take on new challenges and open to doing things differently to help us evolve rapidly, then this is definitely the place to be.

What you bring

  • 10+ years of experience in Cyber Security, with proven experience leading GRC teams for enterprise organizations
  • Extensive experience with risk assessments, third-party cyber security reviews, and audit/regulatory alignment
  • Demonstrated accountability for PCI compliance processes, testing, reporting, and technology improvements
  • Proven ability to assess new initiatives for cyber risks, articulate findings, and influence decisions prior to release
  • Experience driving compliance reporting, minimizing gaps vs target, and managing residual risk
  • Experience collaborating with procurement and business stakeholders throughout vendor partnership lifecycles
  • Strong leadership experience building cross-functional alignment on cyber standards, governance requirements, and enterprise risk processes
  • Ability to manage cost targets and operate within budgetary accountability
  • Ability to exercise effective independent judgment, to prioritise and deliver business results in a fast moving, high pressure and demanding environment with competing priorities
  • Proven leader and trusted advisor with strong interpersonal, communication and influencing skills to build credibility and collaboration with peers, stakeholders, and senior management
  • Proven and applied knowledge of SAFe 5.0, Agile, delivery
  • Bachelor’s degree in areas such as Engineering, Computer Science or similarly relevant domain

Our Commitment to Diversity, Inclusion and Belonging
We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better.
 
Accommodations
We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.

 

The pay range that the employer reasonably expects to pay for this position is between CA$163.00 and CA$113,000

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Not interested in this position, but know somebody who might be? Check out our Referral Reward Program; referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures