Senior Manager, Information Security Risk and Governance
Job Summary
Role impact:
The Senior Manager Information Security Risk & Governance leads the Information Security Risk Management and Governance programs. Their main objective is to manage and continue the development of both programs to enhance and communicate the value of the Information Security (IS) practice in reducing related risks to CF.
In addition this role is expected to work with technology and business stakeholders to identify Information Security risks conduct risk assessments recommend risks mitigation strategies and monitor identified risks throughout its lifecycle. They also develop maintain and report on Key Performance Indicators (KPIs) Key Risk Indicators (KRIs) Service Level Agreements (SLAs) and other documentation related to the Information Security program.
What you will deliver:
- Own and manage the Risk & Governance program within the D&T Department
- Understand and manage Information Security risks pertinent to the organizations business goals and work with various departments to identify measure monitor and report on risk based on information assets
- Partner with senior leadership team to obtain approvals for treatment of risk
- Develop document and communicate risk mitigation strategies to risk owners; document and monitor the implementation of security controls and adjust risk rating accordingly
- Develop maintain and report on KRIs KPIs and SLAs related to Information Security program.
- Research implement and operate risk and governance technology tools and processes to enhance the effectiveness of the practice
- Develop new Information Security policies; ensure all existing policies and related documents are up to date
- Liaise with auditors and support the internal and external audit processes including the collection of requested artifacts review and prioritization of findings and recommendations.
- Stay abreast of and actively seek out information on emerging trends in Information Security risks and threat vectors; apply new techniques in-line with overall Information Security objectives and risk tolerance of the organization
- Work with internal stakeholders to develop strategies and implementation plans to enforce Information Security requirements and address identified risks
- Identifies requirements and conducts business impact analyses for threats risks and vulnerabilities for the Security Operations team to execute vulnerability assessments penetration tests and security audits
- Primary author for risk and governance reports to highlight risk posture of the organization mitigations and recommendations
What your strengths are:
- Ability to discuss with clarity risk and governance matters with non-technical stakeholders.
- Ability to analyze a large complex interlinked environment of data communications and information systems where the technology is changing as well as the types of threats and vulnerabilities.
- Excel at problem-solving with a deep understanding of computer security and applicable laws and regulations.
- Understand business goals and operations and align risk mitigation recommendations with overall strategy and budget.
- Proven ability to conduct research into Information Security controls and technologies as required.
- Ability to work independently setting goals prioritize and execute tasks in a high-pressure environment.
- Excellent written oral and interpersonal communication skills.
- Ability to collaborate effectively with other leaders
- Ability to provide effective coaching to direct reports
What you need to succeed:
- Post-secondary degree in Computer Science or equivalent combination of education and experience that satisfy the requirements of the position.
- Minimum 8 years of progressive responsibilities in developing and supporting Information Security risks management and governance programs; out of them 3 years in a management role.
- Excellent knowledge of security technologies which are commonly used in enterprises to protect information systems including on premise Cloud and Mobile.
- Working knowledge of Information Security and Risk Management frameworks like ISO27001/2 ISO27005 NIST CSF and NIST 800-30
- Understanding of legal and regulatory compliance standards and requirements like PCI-DSS and PIPEDA
- CISSP CISA CRISC and other security certifications are a strong asset.
Starting base salary for this job level may range from $100712 - $125920. The actual base salary offered will consider several factors including but not limited to the role experiences skills & qualifications location market and internal considerations; with this context CF reserves the right to pay above this range.
Cadillac Fairview offers a competitive total rewards package in addition to base pay which includes a performance based incentive plan a comprehensive pension and benefits plan paid time off including vacation wellbeing & volunteer days and support for continued growth and development.
Why you should join us:
At Cadillac Fairview we have been transforming communities for over 50 years. We are so much more than our properties. We are building leaders at all levels. We offer the challenge of interesting work a great organizational culture the opportunity to collaborate with the best in the business and support for your growth and development. We reward values-based behavior and superior results with a competitive rewards package that includes best-in-class benefits and pension. Imagine a place where you can make a difference!
At CF our everyday actions and critical business decisions are guided by our CF Values. Achieving results is naturally important for us and we achieve results through behaviours that are consistent with our CF Values.
Are you someone who believes in our values
- Aim Higher we strive to exceed expectations
- Own Your Expertise we empower ourselves and each other
- Collaborate Effectively we bring the right people together to get the right results
- Engage with Empathy we objectively consider the needs of others
- Embrace Change we drive learn from and adapt to change
At CF youll join a diverse community and award-winning team where your talent and commitment to excellence are welcomed valued and respected.
CF isan equal opportunity employerand is committed to creating a diverse and inclusive environment. If you need reasonable accommodation during the recruitment assessment and/or selection process please notify your CF contact or email
Required Experience:
Senior Manager
About Company
The Cadillac Fairview Corporation Limited is a Canadian company that invests in, owns, and manages commercial real estate.