OUR VIRTUAL DOORS ARE OPEN!
Given the recent developments concerning COVID-19, we are committed more than ever to the well-being of our staff and candidates. As such, we are now conducting interviews using various web applications. We also have many employers offering work-from-home opportunities, so do not hesitate to reach out to our recruiters to learn more.
Position: Manager, Governance, Risk and Compliance
Location: Yonge/York Mills
Job Type: 6-month contract
Our client is looking for a Manager, Governance, Risk and Compliance (GRC) to join their IT team. The GRC Manager will be responsible for a growing Governance, Risk and Compliance program. This is an exciting opportunity for you to use your agility, collaborative style and excellent communication skills to work with various stakeholders and address in-flight processes, challenges and identified risks.
You will partner with Information Security, Operations, Privacy and Finance to capture and articulate technical regulatory requirements in a manner that brings clarity and eliminates confusion. You will use your deep understanding of risk assessment and definition to advise stakeholders on their project challenges.
As Manager, GRC, you will require a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards and a polished ability to communicate with key stakeholders.
About Your Day:
- Be responsible for IT procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices
- Establish and oversee a formal risk analysis and self-assessment program for various Information Services systems and processes
- Help ensure compliance with applicable regulatory and legal frameworks
- Assist in the development and monitoring of a compliance framework for outsourced IT services
- Assist in the development and monitoring of the data retention program
- Work with business units to ensure data is properly classified
- Be responsible for the identification, tracking and remediation of IT risks
- Ensure alignment to the enterprise risk management framework
- Be responsible for evidence creation, validation, and assessment workflows
- Assist in the development and oversight of required corrective action plans relating to technical compliance issues
- Oversee IT policies, standards, guidelines and baselines
- Ensure policies are reviewed and updated regularly
- Ensure alignment to the enterprise policy framework
- Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls
- Support both internal and external audits of IT processes, as required, facilitating discussions, evidence sharing and tracking, and remediation planning
- Promote and monitor compliance with our corporate-wide IT Security awareness program
- Create and maintain all related documentation, versioning, and approvals
- Maintain expertise on GRC trends in order to mitigate potential emerging exposure
- Bachelor's degree in Computer Science/Information Technology or a related field of study, or equivalent level of education and experience
- 5+ years of progressive Information Security and/or GRC work experience, preferably at the managerial level
- Knowledgeable of COBIT, CIS, ISO 27001, NIST and related industry frameworks
- Knowledgeable of governance, risk and compliance systems and how to design a GRC framework
- Advanced knowledge of risk assessment design and delivery
- Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCCC, CIPP/C
- Experience working in regulated industries preferred
Please send your resume to Keri Trimble.
Job Type: Contract