Manager, Regulatory Reporting (GRC & Testing)

Manager, Regulatory Reporting, GRC & Testing
Full Time Permanent
 Oakville (Hybrid)
What you’ll do:
The Manager is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments. 
 
You will partner with across the organization, including, Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management and other stakeholders to assess cybersecurity risks for the organization, including 3rd party risk, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization. Sounds like a lot? Well, there’s more:

• Developing and maintaining Information and Cyber Security Governance documents, including Policies, Standards, and Procedures/Guidelines/Process documents.
• Obtaining agreement, managing, monitoring, and reporting on cyber risks.
• Conducting annual risk assessments to identify any new or change in list of crown jewels.
• Preparing reports on our cyber risk profile for the Cross-functional Risk Committee (CRC).
• Promoting a strong cyber risk and information security culture within the organization.
• Reviewing hardware and software to identify any gaps in services and solutions.
• Ensuring deficiencies are remediated and conducting appropriate tests to verify the operating effectiveness of controls.
• Building and maintaining effective partnerships with various stakeholders across the organization.
• Developing, implementing, and rolling out a self-assessment process that incorporates risk and controls assessment in day-to-day activities.
• Assisting vendor management in ensuring successful execution of the Annual IT Inherent Risk Assessment, including adjusting execution for any changes to the CEO/CFO certification process arising from new and/or changing risk areas.
• Contributing to the identification and adoption of state-of-the-art tools, technology, and techniques to optimize risk and controls assessment services.
• Ensuring that the organization remains in compliance with regulatory and contractual requirements.
• Escalating any material cyber-related issues and observed non-compliance or unethical behavior.
• Providing oversight and participating in Disaster Recovery testing to ensure that objectives are being met and reporting to the leadership team about the outcomes.

What you bring

• University degree or college diploma in technology.
• Completed professional certifications, such as CISSP, CISM, CISA, CCSP etc.
• 7+ years of experience in understanding risks, audits and processes relating to Information/Cyber Security and IT.
• 5+ years of strong management experience in a complex organization.
• Experience designing and implementing security programs with a focus on governance, cyber security, security monitoring and vulnerability management.
• Thorough understanding and experience of various Information and Cyber Security standards and frameworks, such as NIST CSF, ISO 27001/2, CSA, PCI DSS and COBIT etc.
• Good knowledge and understanding of regulatory requirements applicable to Canadian FIs.
• The ability to clearly and confidently communicate risks and associated trade-offs.
• Excellent relationship management, consulting, problem-solving and report writing skills.
• Flexible to adjust to changing priorities and timelines.
• Ability to travel as required to other office locations such as Toronto, Welland and Calgary.