Manager, Regulatory Reporting (GRC & Testing)

86020
Oakville, Ontario
Permanent/Direct Hire
3 weeks ago

Manager, Regulatory Reporting, GRC & Testing
Full Time Permanent
Oakville (Hybrid)

Client: Canadian Tire
About Us

Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies, with more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies, where career opportunities are wide-ranging! Join us; there's a place for you here.

Canadian Tire Bank (“CTB”) is part of the Canadian Tire Corporation, Limited (“CTC”), which is one of Canada’s most admired and trusted companies. With world-class Owned Brands and exciting market-leading merchandising strategies, we are continually innovating with purpose: to be there for Canadians from coast-to-coast. We are relentlessly focused on innovating at every level of our business, investing in new technologies and products, and doubling down on the best talent to drive the company forward. It is an especially exciting time to join Canadian Tire and its group of companies.
The Information and Cyber Security Governance (IRGS) function is a dedicated team responsible for effectively managing and controlling information and cyber security within an organization. They develop and maintain policies, standards, and procedures/guidelines/process documents related to information and cyber security. The team identifies, assesses, and manages cyber risks, performs risk assessments, and reports on the organization's cyber risk profile. They promote a strong cyber risk and information security culture throughout the organization.
Additionally, the IRGS team conducts vendor assessments, reviews hardware and software for security gaps, remediates deficiencies, and tests control effectiveness. They build partnerships with stakeholders across the organization, implement self-assessment processes incorporating risk and controls assessment in day-to-day activities, and contribute to adopting state-of-the-art tools and techniques. The team also escalates significant cyber-related issues or observed non-compliance or unethical behavior.
It's important to note that the IRGS team reports directly to the Chief Information Security Officer (CISO) of CTB, who oversees the organization's overall information and cyber security strategy. This reporting relationship ensures alignment with strategic goals and facilitates effective coordination, collaboration, and decision-making between the IRGS function and other areas of the organization.
In summary, the IRGS function plays a vital role in governing and managing information and cyber security to protect the organization's assets, data, and systems from potential threats while maintaining a direct line of communication with senior leadership through its reporting structure to the CISO.

What you’ll do:
The Manager is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments. 
 
You will partner across the organization, including Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management and other stakeholders, to assess cybersecurity risks for the organization, including 3rd party risk, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization. Sounds like a lot? Well, there’s more:

  • Developing and maintaining Information and Cyber Security Governance documents, including Policies, Standards, and Procedures/Guidelines/Process documents.
  • Obtaining agreement, managing, monitoring, and reporting on cyber risks.
  • Conducting annual risk assessments to identify any additions or changes to the list of crown jewels.
  • Preparing reports on our cyber risk profile for the Cross-functional Risk Committee (CRC).
  • Promoting a strong cyber risk and information security culture within the organization.
  • Reviewing hardware and software to identify any gaps in services and solutions.
  • Ensuring deficiencies are remediated and conducting appropriate tests to verify the operating effectiveness of controls.
  • Building and maintaining effective partnerships with various stakeholders across the organization.
  • Developing, implementing, and rolling out a self-assessment process that incorporates risk and controls assessment in day-to-day activities.
  • Assisting vendor management in ensuring successful execution of the Annual IT Inherent Risk Assessment, including adjusting execution for any changes to the CEO/CFO certification process arising from new and/or changing risk areas.
  • Contributing to the identification and adoption of state-of-the-art tools, technology, and techniques to optimize risk and controls assessment services.
  • Ensuring that the organization remains in compliance with regulatory and contractual requirements.
  • Escalating any material cyber-related issues and observed non-compliance or unethical behavior.
  • Providing oversight and participating in Disaster Recovery testing to ensure that objectives are being met and reporting to the leadership team about the outcomes.

What you bring

  • University degree or college diploma in technology.
  • Completed professional certifications, such as CISSP, CISM, CISA, CCSP, etc.
  • 7+ years of experience in understanding risks, audits and processes relating to Information/Cyber Security and IT.
  • 5+ years of strong management experience in a complex organization.
  • Experience designing and implementing security programs with a focus on governance, cyber security, security monitoring and vulnerability management.
  • Thorough understanding and experience of various Information and Cyber Security standards and frameworks, such as NIST CSF, ISO 27001/2, CSA, PCI DSS, COBIT, etc.
  • Good knowledge and understanding of regulatory requirements applicable to Canadian FIs.
  • The ability to clearly and confidently communicate risks and associated trade-offs.
  • Excellent relationship management, consulting, problem-solving and report writing skills.
  • Flexible to adjust to changing priorities and timelines.
  • Ability to travel as required to other office locations such as Toronto, Welland and Calgary.

Our Commitment to Diversity, Inclusion and Belonging 
 We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better.
 
Accommodations  
 We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.

 

The pay range that the employer reasonably expects to pay for this position is between CA$81,000 and CA$131,000

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

This posting is for an existing vacancy.


Not interested in this position, but know somebody who might be? Check out our Referral Reward Program; referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Staffing and Consulting Services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other legally protected characteristics. We welcome and encourage diversity in the workplace.