Senior Manager, Governance, Risk and Compliance

88708
Toronto, ON
Permanent/Direct Hire
Yesterday

Senior Manager Governance, Risk and Compliance
Hybrid, 3 days on site
Toronto, Ontario
Estimated Duration: Fulltime

What we offer
In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:

  • Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
  • Minimum four (4) weeks of paid annual vacation days, increasing with years of service;
  • Four (4) paid personal days;
  • Defined benefit pension plan with OMERS, includes 100-per-cent employer matching; 
  • Health, dental, and vision benefits, including a health spending account available upon your start date;
  • Employee and family assistance program;
  • Maternity and parental leave top up (93% of base salary);
  • Training and development programs including tuition reimbursement of $1500 per calendar year;
  • Fitness membership discount.

This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a client’s work location and the rest of the time from home. The amount of time required to work at a client’s work location is flexible, while considering operational and service delivery requirements.

Make a difference
Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Supervisor, Information Security Operations & Defense position may be for you!
The Senior Manager Governance, Compliance and Risk is accountable for ensuring all aspects of the security of “TCH’s” IT systems and assets. Activities in this strategic role include conducting Governance, Compliance and Risk assessments, incident response, and developing the necessary monitoring and compliance systems, policies, procedures and security controls. This position is accountable for the protection of information and information systems from unauthorized access, inappropriate use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.
 

What you’ll do

Information Security Defense Management Framework and Strategy:

  • Accountable for the management of the information Governance, Compliance and Risk policies, standards and frameworks including but not limited to detection, recovery, protection, and identification of potential threats against enterprise digital assets and operations, including infrastructure and networks.
  • Supporting compliance and reporting activities with respect to IPC and other regulatory and legislative requirements.
  • Develop Governance, Compliance and Risk strategies that align with the vision, mission and objectives. Plays a proactive role in development of annual Information Security operational plans.
  • Provide tactical and strategic recommendations to Senior Management related to Governance, Compliance and Risk for Information Security, Cyber threats and risk management, disaster recovery and associated Information Management and IT/OT Security controls.
  • Analyze proposed Governance, Compliance and Risk solution, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance Governance, Compliance and Risk solutions and business processes.
  • Proactively provides internal recommendations on related governance requirements, baselines, standards and best practices. Balance the Governance, Compliance and Risk for Information Security controls with the requirements of the Business and make implementable recommendations versus business operations.
  • Identify, analyze, and recommend Governance, Compliance and Risk options for risk management at appropriate levels within the enterprise and municipalities and associated agencies.
  • Acts as the Governance, Compliance and Risk expert and takes on more complex work in developing the Governance, Compliance and Risk program, and interacting with key internal partners and their confidential information.
  • Play a mentorship role as a senior subject matter expert in information Governance, Compliance and Risk management and provide training and guidance to staff wherever needed.
  • Research and maintain Governance, Compliance and Risk techniques, countermeasures and trends in computer and network vulnerabilities, data hiding, encryption and cyber security.
  • Recommend technology changes in order to mitigate Governance, Compliance and Risk risks or implement and operationalize new or enhanced Governance, Compliance and Risk trends.
  • Collaborate with other agencies to align Governance, Compliance and Risk standards.

Daily IT Security Governance, Compliance and Risk Operations Activities:

  • Provides expert Governance, Compliance and Risk standards and guidance directly and indirectly in the secure operation of all IT services.
  • Handles Governance, Compliance and Risk incidents and exceptions, often of a confidential nature, incorporating highly technical concepts to business stakeholders. The information, if miscommunicated or incorrectly assessed or analyzed, might harm the reputation and might lead to incorrect Management actions.
  • Leads and coordinates confidential investigations alongside CLIENT’S MSSP and Incident Responder and reports the results to Upper Management.
  • Leads end-to-end Governance, Compliance and Risk program.
  • Ensure the Governance, Compliance and Risk of Corporate Identity and Access Management (CIAM) Program.
  • Work with IT, Enterprise Solutions & Data, and all other Enterprise teams to establish appropriate Governance, Compliance and Risk processes, controls and ensure compliance with security policies.
  • Manage the Governance, Compliance and Risk of data with multiple partners such as MSSP and security related projects simultaneously, and present status updates to upper management.
  • Conducts internal information systems Governance, Compliance and Risk reviews. Reviews IT and business process changes for potential Governance, Compliance and Risk issues and compliance to standards.
  • Analyze Governance, Compliance and Risk solution, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of corporate information

IT and IT Security audit and internal control Compliance and Governance, Compliance and Risk:

  • Participates and co-ordinates all internal and external information technology Governance, Compliance and Risk compliance and remediation activities. Manages the Governance, Compliance and Risk responses with his team, implementation plan completions, time frames and remediation activities. Documents and manages the implementations of necessary IT Governance, Compliance and Risk and security controls to address the management responses. Crafts draft management responses. Works with internal and external auditors to confirm findings.
  • Gives recommendations on the day-to-day management and testing of internal Information Security Governance, Compliance and Risk standards.
  • Develops Governance, Compliance and Risk procedures to meet Internal control perspectives and tests or verifies procedures are followed according to acceptable control standards.
  • Monitors internal Governance, Compliance and Risk controls to ensure appropriate access levels are maintained; recommends access controls and roles consistent with the principle of “least privilege” security rules.
  • Proactively recommends Governance, Compliance and Risk changes to IT and CLIENT’S information systems, business processes and procedures to address potential Governance, Compliance and Risk control deficiencies.

 
What you’ll need

  • University degree, or equivalent, in computer science, engineering or a relevant technical discipline.
  • 7-9 years of broad and deep information security and Governance, Compliance and Risk experience.
  • IT Security Designations – CISSP
  • Specific strengths in multiple areas including Application Security, Network security, server and database security, cloud security, identity and access management, incident response and disaster recovery and business continuity planning, data leakage prevention, CISSP, IT Security Architecture, Threat Management Lifecycle Management experience.
  • Excellent communication skills in English

Nice to have:

  • CIPP.C, CIPM, IAPP (CIPP/C), SANS Certification e.g. GCIH
  • CISA, CRISC, CISM, or similar certification and training are assets.
  • Strong understanding of IT, Governance, Compliance and Risk, and Compliance frameworks (NIST, ISO 27001, CoBit, SOC2, CIS, Cloud Security Alliance (CSA))
  • Expert knowledge of Third-Party Risk Management, Security Risk Reporting, Zero Trust Assessment (ZTA) etc.

What’s next
Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.
 

The pay range that the employer reasonably expects to pay for this position is between CA$139,499 and CA$152,449

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

This posting is for an existing vacancy.


Tundra Technical Solutions is a global workforce and technology delivery firm, ranked by Staffing Industry Analysts as one of the largest in North America. At Tundra, we aren't just hiring top talent at the world's most recognizable brands; we are pioneers of social recruitment. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other legally protected characteristics. We welcome and encourage diversity in the workplace.

We use artificial intelligence tools to help our recruiters screen and assess talent. These tools do not replace human decision making in the process.
