
Senior Manager of GRC, Information Security

Job in Toronto, Ontario, M5A, Canada
Listing for: First National
Full Time position
Listed on 2025-12-31
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant

We are hiring a Senior Manager of GRC in our Information Security department!

The Role:

The Senior Manager of GRC is a strategic and integral member of the Information Security Team, reports to the AVP, Information Security, and is responsible for ensuring the security, integrity, and availability of First National information assets. The candidate will contribute to the management and continuous improvement of security program(s). The position entails the development, implementation, and compliance of security control programs across the organization.

This role requires the following skills:

  • Specialized knowledge and experience in information security, security strategies, and security management frameworks.
  • Knowledge and understanding of current security standards and best practices, particularly ISO 27001.
  • Development, maintenance and review of Information Security Policy, Standards, Processes and Procedures.
  • Effective and dynamic communicator.

Reporting To: Assistant Vice President, Information Security

Full-Time/Part-Time: Full-time

Posting Date: March 6, 2024

Closing Date: April 6, 2024

Hours of Work: 8:30 – 5:00

Grade: Office

Location: Downtown Toronto

Great location! Steps away from the main public transit station.

What we offer:

Highly competitive compensation package, which includes base salary, bonus, benefits, and career advancement opportunities!

* Eligibility for benefits is dependent on the terms of employment

What you will do:

  • Review and improve the Information Security Management Framework.
  • Build strong cross-organizational relationships.
  • Manage the security risk management and compliance strategy, framework, and approach.
  • Advise other teams within First National in the design and implementation of effective security controls.
  • Proactively track and communicate the status of the risk response activities.

Governance:

  • Defining, implementing, communicating, and monitoring the Information Security Strategy and Program.
  • Review, update, develop, and implement security policies, procedures, and technical security standards to secure First National assets and ensure security and compliance with associated risks, contracts, regulations, and industry standards.
  • Ensure that the Security Governance frameworks are institutionalized and compliant, and aligned with security standards, particularly ISO 27001.
  • Support in preparing and running the security steering committee meetings.
  • As part of managing the larger GRC program, the role involves managing the Data Security program, IAM Program and Physical Security program.
  • Participate in and promote the security training awareness program.
  • Develop reports and presentations as required.
  • Provide briefings to senior management and advise them of critical risks and issues that may affect enterprise security objectives.
  • Support the expansion of the Information Security framework and program within the enterprise.
  • Ensure that Information Security projects meet their required goals, constraints are addressed, and resources are aligned, as defined by the project stakeholders.

Risk Management:

  • Lead the Information Security Risk Management program, through evaluation of information security risks, accounting for people, processes, data, and all associated security controls.
  • Provide oversight of all relevant information security risks, and support in risk treatment of identified risks.
  • Assist in the third-party risk assessment process to ensure risk identification, transparency and business acceptance and contractual obligations.
  • Ensure that all the program-specific risk assessment results, such as Data Security, IAM security, Physical Security, Security Operations, Application Security, etc., dovetail into the information security risk management program.

Compliance Management:

  • Control monitoring and review of internal security risk assessments.
  • Develop, document, and assess measures, metrics, and internal controls related to cyber security assessments and acceptance.
  • Develop, document, and assess measures, metrics, and internal controls related to information security assessments and acceptance.
  • In conjunction with Legal, Privacy and Compliance, identify information management and protection laws and regulations and…

Position Requirements:

10+ years of work experience