Manager, IT Risk and Compliance
Federated Co-operatives Limited
Saskatoon, SK
Federated Co-operatives Limited (FCL) is a diverse business operating in the agriculture, food, energy and home and building sectors. Based in Saskatoon, Sask., FCL is owned by independent retail co-operatives from across Western Canada that are committed to local investment, community mindedness and lifetime membership benefits. FCL is involved in wholesaling and manufacturing, including refined fuels and lubricants. It also provides administrative and marketing support to its member-owners. For more information, visit www.fcl.crs.

The Co-operative Retailing System is a network composed of Federated Co-operatives Limited (FCL) and over 180 independent retail co-operatives that help build, feed and fuel individuals and communities in Western Canada. From Vancouver Island to northwestern Ontario and into the Arctic, retail co-ops serve 1.8 million active members and many more customers at 2,500 locations. FCL centrally supplies and supports these retail co-ops. By working together under the CO-OP® brand, we are all committed to local investment, community mindedness and lifetime membership benefits. For more information, visit www.coopconnection.ca.

FCL invites applications for the position of Manager, IT Risk and Compliance in our home office located in Saskatoon, Saskatchewan.

Responsible for driving and shaping the IT Security Strategy in the assessment of IT risk and compliance for the organization including the response, detection, and prevention of security concerns. Responsible to establish and direct the design, development, testing, and implementation of appropriate Information Security tactics, plans, and other access control techniques. Identifies emerging vulnerabilities, evaluate associated risks and threats, and provides countermeasures where necessary. Directs staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the information security technologies for the protection of FCL systems and information. Manages the reporting, investigation, and resolution of information security incidents. Interact effectively with peers across the organization and external partners to identify and collaborate on initiatives to strengthen FCL’s security posture. Leverages technical expertise, knowledge and resources from other units such as Network, Server and Storage, Architecture, POS and others to support the information security and privacy programs.

Responsibilities:
Reporting to the Vice-President, Technology, responsibilities for this position include the following:

Responsible for shaping the IT Security Strategy in the assessment of IT risk and compliance for the organization including overseeing the response, detection, and prevention of security concerns. Responsible for the development and delivery of a comprehensive information security program company wide, including the protection of data, information, and infrastructure from external or internal threats. Ensures the organization is compliant with statutory and regulatory requirements regarding information access, security, and privacy. Development and improvement of FCL IT security policies and practices. Write, edit, recommend for approval by Senior Leadership, and coordinate the development of FCL information security policies, standards and procedures. Leverage expertise across the department with key IT groups in the development of policies. Ensure that FCL policies support compliance with external legal requirements, and are in line with governance practices.
Drives business results through effective cross-departmental leadership. Acts as a champion of security policies and practices and implements them across the departments. Ensures cross departmental teams daily operations and new projects align with security practices to ensure mitigation of potential threats. Translate approved policies and procedures into action-able and measurable tasks and assigns to technical teams to execute. Oversee the dissemination of policies, standards and procedures to FCL departments and its subsidiaries. Work with different stakeholders including Senior IT leadership, IT teams, and IT Control and Governance teams to achieve the overall goal of developing and implementing an ongoing risk assessment program targeting information security and privacy matters.
Lead a team in developing and implementing an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Lead a team in developing and implementing an Incident Reporting and Response System to address FCL IT security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
Other duties as assigned.

Qualifications:
The successful candidate will have a Bachelor of Science in Information Management, Computer Science or related field. 8+ years of progressively responsible experience in security domains in one or multiple areas: Application, Infrastructure, Network in a complex environment. Including 3+ years of experience in leading or developing security and risk practices and privacy policies. Completed or working towards any of the following ISACA certifications: COBIT 5, CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control).

A combination of education and work experience may be considered.

Additional Information:
FCL offers a competitive salary, ongoing personal and professional development, and the opportunity to work with one of western Canada's most successful organizations.

You may be required to undergo a background and substance test in accordance with FCL policies.

We thank all candidates for their interest, however, only those selected for an interview will be contacted.