Role impact:The Senior Manager, Information Security Risk & Governance leads the Information Security Risk Management and Governance programs. Their main objective is to manage and continue the development of both programs to enhance and communicate the value of the Information Security (IS) practice in reducing related risks to CF.
In addition, this role is expected to work with technology and business stakeholders to identify Information Security risks, conduct risk assessments, recommend risks mitigation strategies, and monitor identified risks throughout its lifecycle. They also develop, maintain and report on Key Performance Indicators (KPI's), Key Risk Indicators (KRI's), Service Level Agreements (SLA's), and other documentation related to the Information Security program.
What you will deliver:- Own and manage the Risk & Governance program within the D&T Department
- Understand and manage Information Security risks pertinent to the organization's business goals and work with various departments to identify, measure, monitor, and report on risk based on information assets
- Partner with senior leadership team to obtain approvals for treatment of risk
- Develop, document, and communicate risk mitigation strategies to risk owners; document and monitor the implementation of security controls and adjust risk rating accordingly
- Develop, maintain and report on KRI's, KPI's and SLA's related to Information Security program.
- Research, implement and operate risk and governance technology tools and processes to enhance the effectiveness of the practice
- Develop new Information Security policies; ensure all existing policies and related documents are up to date
- Liaise with auditors and support the internal and external audit processes, including the collection of requested artifacts, review and prioritization of findings and recommendations.
- Stay abreast of and actively seek out information on emerging trends in Information Security risks and threat vectors; apply new techniques in-line with overall Information Security objectives and risk tolerance of the organization
- Work with internal stakeholders to develop strategies and implementation plans to enforce Information Security requirements and address identified risks
- Identifies requirements and conducts business impact analyses for threats, risks, and vulnerabilities for the Security Operations team to execute vulnerability assessments, penetration tests and security audits
- Primary author for risk and governance reports to highlight risk posture of the organization, mitigations, and recommendations
What your strengths are:- Ability to discuss with clarity risk and governance matters with non-technical stakeholders.
- Ability to analyze a large, complex, interlinked environment of data, communications, and information systems, where the technology is changing as well as the types of threats and vulnerabilities.
- Excel at problem-solving with a deep understanding of computer security and applicable laws and regulations.
- Understand business goals and operations and align risk mitigation recommendations with overall strategy and budget.
- Proven ability to conduct research into Information Security controls and technologies as required.
- Ability to work independently, setting goals, prioritize and execute tasks in a high-pressure environment.
- Excellent written, oral, and interpersonal communication skills.
- Ability to collaborate effectively with other leaders
- Ability to provide effective coaching to direct reports
What you need to succeed:- Post-secondary degree in Computer Science or equivalent combination of education and experience that satisfy the requirements of the position.
- Minimum 8 years of progressive responsibilities in developing and supporting Information Security risks management and governance programs; out of them, 3 years in a management role.
- Excellent knowledge of security technologies which are commonly used in enterprises to protect information systems, including on premise, Cloud and Mobile.
- Working knowledge of Information Security and Risk Management frameworks like ISO27001/2, ISO27005, NIST CSF and NIST 800-30
- Understanding of legal and regulatory compliance standards and requirements like PCI-DSS and PIPEDA
- CISSP, CISA, CRISC and other security certifications are a strong asset.
Starting base salary for this job level may range from $100,712 - $125,920. The actual base salary offered will consider several factors including, but not limited to the role, experiences, skills & qualifications, location, market and internal considerations; with this context, CF reserves the right to pay above this range.
Cadillac Fairview offers a competitive total rewards package in addition to base pay which includes a performance - based incentive plan, a comprehensive pension and benefits plan, paid time off including vacation, wellbeing & volunteer days and support for continued growth and development.