Senior Specialist, Cyber Security Policy

Senior Specialist, Cyber Security Policy
Location: Toronto, ON
Employment Type: Full-Time

Client: Canadian Tire
About Us
Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies. With more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies where career opportunities are wide-ranging! Join us, where there's a place for you here.

About the Role
We are seeking a Senior Specialist, Cyber Security Policy to lead the development, maintenance, and enforcement of cybersecurity policies that align with retail and banking industry frameworks, including PCI DSS and NIST. This role acts as a strategic bridge between Engineering, IT, and Security teams, ensuring that system configurations and change management processes are accurately reflected in policy updates and compliance efforts.
Key Responsibilities

• Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with PCI DSS, NIST CSF, and banking regulations.
• Collaborate with Engineering and IT teams to document system configurations and change management workflows for policy integration.
• Ensure policy adherence across the organisation, working closely with embedded security teams, compliance officers, and senior leadership.
• Conduct periodic reviews of cybersecurity policies to reflect evolving threats, regulatory changes, and industry best practices.
• Serve as the subject matter expert on cybersecurity policy, governance, and risk management.
• Support internal and external audits by ensuring policy documentation meets compliance and evidence requirements.
• Promote awareness of cybersecurity policies and contribute to training initiatives that reinforce compliance.

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• CISSP certification preferred; other relevant certifications (e.g., CISM, CISA, CAP, PCI Professional) are a plus.
• Proven experience in developing and managing cybersecurity policies in retail and banking environments.
• Deep understanding of PCI DSS requirements and their application across business and IT domains.
• Familiarity with NIST CSF, OSFI B-13, and other regulatory frameworks relevant to financial services.
• Strong analytical, communication, and stakeholder engagement skills.
• Experience supporting audits and managing evidence for compliance reporting (e.g., RoC, SAQ).

Why Join Us?

• Be part of a mission-driven team shaping cybersecurity policy in a dynamic financial environment.
• Work cross-functionally with engineering, IT, and compliance leaders.
• Influence strategic decisions and contribute to a culture of security and resilience