Manager, IT GRC

Ontario 407

$160K — $185K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in IT security or Information Risk Management
  • College Diploma or University Degree in Computer Engineering, Computer Science, or Audit
  • Intermediate to strong knowledge of O365 and AWS
  • Experience with Governance, Risk, and Compliance (GRC)
  • Relevant certifications such as CISA, CISM, CRISC, CGEIT, or CISSP preferred
  • Familiar with IT Security Frameworks like PCI DSS, ISO 27001, and NIST
  • Ability to collaborate with internal and external stakeholders

Responsibilities

  • Drive change and implement leadership best practices across IT governance
  • Collaborate with business units to ensure compliance and address inquiries
  • Document standards, processes, and ensure they are met consistently
  • Consult with teams on Application Security and Risk Control measures
  • Facilitate and support internal and external audits to ensure compliance
  • Conduct risk assessments and develop strategies for risk mitigation
  • Enhance security and awareness frameworks within the organization

Benefits

  • Support for Diversity, Equity, and Inclusion initiatives
  • Opportunities for professional development
  • Collaborative and safe work environment
  • Engagement in meaningful governance and compliance work
  • Contribution to enterprise-level risk management strategies
Full Job Description

Title: Manager, IT GRC

Department: Information Technology

Location: 6300 Steeles Ave West, Woodbridge

Total Potential Compensation: $160,000-$185,000

Position Summary:

Reporting to the Senior Manager – Security Architecture and Governance, the IT Manager –Governance, Risk & Compliance (GRC) plays a key role in ensuring information security and compliance in the 407ETR by being responsible for elaborating and maintaining thorough internal and external audits, vendor due diligence program, and security risk management program. With the collaboration of relevant stakeholders, they develop, maintain and update all IT Security related policies, and control processes within the 407. The incumbent is an experienced professional with expertise and passion in leading, improving organizational processes to ensure Compliance and Risk Management. The Manager will need to balance information security risk and compliance requirements with business enablement.

Responsibilities:

· Drive change and leadership best practices. Draws upon and supports corporate programs to bring consistency to our people strategy. Provides input and direction on future talent programs. Supports Diversity Equity and Inclusion while establishing trust and transparency in a safe and productive work environment.

· Work closely with business units to achieve compliance with requirements and to address related questions and issues.

· Ensure standards, processes, procedures, and associated metrics are documented and met.

· Consult with Application Security, Risk and Controls (Access, Process control).

· Facilitating and preparing and supporting internal and third-party audits.

· Conduct risks assessments.

· Further enhance and mature the existing security and awareness framework to strengthen enterprise risk management, security & awareness, and compliance.

· Assist with Disaster Recovery and Business Continuity planning initiatives.

· Perform assessments and associated remediation activities to ensure systems and controls are configured in accordance with established policy, best practice guidelines and designated compliance frameworks.

Risk Management:

· Develop and improve information risk management strategies and processes.

· Manage and perform risk assessment initiatives, risk registry, etc.

· Enact risk rationalization and implementation of mitigation strategies and monitoring across IT.

· Maintain information risk tolerance threshold metrics and provide guidelines on ensuring information risk exposure is within tolerance limits.

· Identify and communicate issues and risks and work with cross-functional teams to establish risk mitigation strategies where applicable.

Compliance:

· Ensure compliance adherence across programs and initiatives in respect to legislation and regulation, i.e. PCI, ICFR, ITGC

· Perform assessments of technology solutions, third parties, etc., ensuring compliance to the defined security policies, standards and procedures.

Governance:

· Assist the development and maintenance of 407 ETR security policies, procedures and related documents.

· Work on governance frameworks, work with IT Leadership in order to upscale/improve governance methodology and reporting.

· Oversee information security governance related initiatives.

· Assist in the development and maintenance of a Data Governance program including Integration, Classification, Storage and Quality management

Qualifications:

· Minimum of 7 years of IT security, Information Risk Management or related work experience

· College Diploma or University Degree in Computer Engineering, Computer Science, or Audit preferred

· Intermediate to strong working knowledge of O365 and AWS

· Experience with GRC

· One or more of the following or related certifications preferred:

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Security Professional (CISSP)

· Experience with the following IT Security Frameworks required: Payment Card Industry Data Security Standards (PCI DSS), ISO 27001 / 27002, Control Objectives for Information and Related Technology (COBIT), NIST Cybersecurity Framework preferred

· Familiarity with Agile methodologies such as Lean, Scrum and Kanban preferred

· Demonstrated ability to work with internal stakeholders and external vendors

We are actively seeking to fill this role as it is a current vacancy.

Similar Jobs

More Jobs at Ontario 407

More Information Technology Jobs

Find similar Manager, IT GRC jobs: