The Information and Cyber Security Governance (IRGS) function is a dedicated team responsible for effectively managing and controlling information and cyber security within an organization. They develop and maintain policies, standards, and procedures/guidelines/process documents related to information and cyber security. The team identifies, assesses, and manages cyber risks, performs risk assessments, and reports on the organization's cyber risk profile. They promote a strong cyber risk and information security culture throughout the organization.
Additionally, the IRGS team conducts vendor assessments, reviews hardware and software for security gaps, remediates deficiencies, and tests control effectiveness. They build partnerships with stakeholders across the organization, implement self-assessment processes incorporating risk and controls assessment in day-to-day activities, and contribute to adopting state-of-the-art tools and techniques. The team also escalates significant cyber-related issues or observed non-compliance or unethical behavior.
It's important to note that the IRGS team reports directly to the Chief Information Security Officer (CISO) of CTB , who oversees the organization's overall information and cyber security strategy. This reporting relationship ensures alignment with strategic goals and facilitates effective coordination, collaboration, and decision-making between the IRGS function and other areas of the organization.
In summary, the IRGS function plays a vital role in governing and managing information and cyber security to protect the organization's assets, data, and systems from potential threats while maintaining a direct line of communication with senior leadership through its reporting structure to the CISO.
The Specialist is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments.
You will partner with across the organization, including, Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, V endor M anagement and other stakeholders to assess cybersecurity risks for the organization, including 3rd party risk, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization.
Be the champion in risk assessment of technologies and processes in the environment, including our digital crown jewels and other compliance impacting technologies and processes.
Connect the dots to improve and enhance risk assessment processes.
Understand and collaborate with stakeholders for prioritizing and mitigating vulnerabilities identified within the environment through vulnerability assessment, penetration testing, application security testing and/or any other risk assessment activity.
Following up on vulnerabilities, configuration and cloud gaps and track remediation
Help further mature existing vulnerability management program
Assess third-party risk on the use of vendors for day-to-day operations.
Provide oversight, reporting, and metrics on risk functions.
Performing security risk assessments for various projects and changes. And assisting with and documenting identified risk for presentation and approval from business and leadership as appropriate.
Anticipate risk and assist owners in building action plans for risk mitigation.
Review risk assessments of non-senior team members and peers
Validating operating effectiveness of IT general controls
Maintaining risk and controls repositories and documentation
Providing support for policy exception management procedures
Assisting with metrics and reporting
Manage platforms/applications within the mandate of the team
What you bring
University degree or college diploma in technology.
Possess one or more professional certifications, such as CISSP, CISM, CISA, CCSP, CRISC etc.
Up to 5+ years of experience in understanding risks, audits and processes relating to Information/Cyber Security and IT.
Excellent communication skills
Good documentation and presentation skills
Creative thinker who takes initiative
Problem solver with the ability to analyze and prioritize to meet business objectives
Collaborative team player with superior influencing skills, who builds relationships easily
Organized individual who is always seeking to automate or improve efficiency of procedures
Creative thinker who is observant to seek new opportunities and perceptive to abstract ideas
Goal driven individual to seek out continuous improvement opportunities
The ability to take a collaborate approach to build strong relationships and have positive team experiences
Flexible and dynamic individual who is able to adjust and prioritize accordingly to adapt to business demands and requirements
Solid foundation of relevant technical skills
Demonstrates behaviors of transparency, accountability agility and learning from others that will support your success
Good understanding of vulnerability and configuration management procedures and how those impact an organization.
Good knowledge and understanding about penetration testing and application security
Good scripting skills using Python or similar tools
Experience with developing dashboards using Power BI
Understands/Experience in risk assessments including third-party risk
Good understanding and some experience of managing applications/platforms
Have knowledge of security governance frameworks, policies and standards
Understands principles of security controls testing
Audit and/or IT risk management
Knowledge of IT risk and control frameworks, COBIT 5, NIST CSF & ISO27001, CIS
Understand System Development Life Cycle (SDLC) process and agile methodologies
Familiarity with Data Privacy and Protection standards PCI, PII.
Basic knowledge of cryptography and encryption algorithms.
Familiarity with identity management controls including Multi Factor Authentication and Single Sign On.
We’re always looking for great talent! In addition to competitive pay, we offer:
Comprehensive benefits and retirement programs
Performance incentives, Continuing Education Programs
Other perks to support your well-being
Career growth opportunities and product discounts
Broadband Salary Range: $64,000.00 - $106,000.00
Salary decisions are also dependent on other factors such as your experience, industry benchmarks, internal equity and other role-specific requirements. For critical roles, the compensation offering will be reviewed to ensure alignment with market rate and conditions and the unique value you bring to the role. #LI-AG2
This posting represents an existing vacancy within our organization.
We may use artificial intelligence tools as part of our recruitment process to assist in the initial screening of resumes. All hiring decisions, including candidate evaluation, selection, and disposition, are made by human recruiters.
About Us
At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a strong vision, loyal customers, and our ability to build teams that reflect the diverse customers and communities in which we live and work. Join us, where there's a place for you here.
Our Commitment to Diversity, Inclusion and Belonging
We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better. .
Accommodations
We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.