GRC Manager Information Security
GRC Manager Information Security
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at should you need an accommodation at any point in the recruitment process.
We are hiring a Manager of GRC Information Security!
Reporting To:
Senior Manager and Team Lead
FullTime/Part Time:
Fulltime
Posting Date:
March 14 2025
Closing Date:
March 28 2025
Hours of Work:
8:30 a.m. 5:00 p.m.
Grade:
Office Location:
16.4
Toronto ON
Great location! Steps away from the main public transit station
What we offer:
Highly competitive compensation package which includes base salary bonus benefits and career advancement opportunities!
*Eligibility for benefits is dependent on the terms of employment
The Opportunity:
A strategic and integral member of the Information Security Team reporting to the Senior Manager Information Security responsible for ensuring the security integrity and availability of the organizations information assets. The role will be responsible for the program management and continuous improvement of the GRC program (ISMS) including ISO 27001 certification and audit SOC2 readiness and audits daytoday risk management assessments and controls testing etc. Additionally this Manager will oversee the enterprise Physical Security program.
How you will contribute:
Program Management:
Develop implement and enhance the GRC program supporting information security governance risk management and compliance.
Improve the Information Security Management Framework and build crossorganizational relationships.
Manage the security risk management and compliance strategy framework and approach ensuring alignment with ISO 27001 and other security standards.
Track and communicate the status of risk response activities and advise teams on effective security controls.
Risk Management:
Manage the Information Security Risk Management program conducting regular Information Security Risk assessments.
Oversee risk treatment and ensure programspecific risk assessments (Data Security IAM etc. align with the broader security risk program.
Collaborate with stakeholders to address key risks and improve processes tools and technologies.
Compliance Management:
Ensure adherence to relevant regulations and industry standards (specifically SOC2 and ISO 27001.
Develop document and evaluate measures metrics and internal controls that contribute towards the ISMS objectives and SOC2 goals.
Review and update security policies procedures and standards to ensure compliance and security of First National assets.
Audit Management:
Support all securityrelated audit and certification processes (e.g. ISO27001 SOC2.
Support audit and assessment activities including internal and external audits vendor assessments benchmarking and more.
Third Party Vendor Compliance and Risk Management
Assist the vendor management team in ensuring thirdparty security compliance.
Assist in implementing technical controls to mitigate thirdparty risks and monitor progress on security improvements.
Physical Security:
Oversee physical security governance for First National across all locations.
Develop and implement physical security policies and procedures where required.
Conduct or coordinate physical security risk assessments.
Continual Improvement:
Stay current with industry trends and emerging technologies and identify opportunities to integrate them into the GRC and information security program.
Identify new GRC requirements through industry resources research and consultation with technology subject matter experts.
The experience you need:
- A bachelors degree in computer science information security or equivalent work experience is required. Graduate degree preferred.
- Information security certifications such as CISA CISSP ISO27001 CISM or equivalent preferred.
- A minimum of 6 years of prior experience in GRC management in a medium or large size organization is required.
- Experience with SOC2 and ISO 27001 audits and certifications.
- Experience in developing and maintaining Information Security policies standards processes guidelines procedures and controls ideally within the Financial Services industry.
- Knowledge of physical security principles and practices.
Relationships:
- Ability to work effectively with business unit and IT department managers including Application Development Infrastructure Operations Network Technical Support and others.
Working Environment and Physical Demands Analysis:
- Hybrid Office environment
- Periods of high volume with tight timelines
- Long periods of stationary position/sitting
- Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
- Long periods of time in viewing a computer screen
- Multitasking may include speaking to customers on a telephone call while looking up information on a computer program.
Why join First National
- Competitive Compensation
- Comprehensive benefits program (i.e. Health Spending Account Maternity and Parental Leave Top Up)
- Hybrid working environment
- Extensive training programs to set our employees up for success
- Modern office environment conducive to collaboration
- Supportive teamwork culture
- Opportunities to give back to the communities and work through events focused on a variety of charities
- Ongoing social events throughout the year
The team youll join:
Founded in 1988 First National is one of Canadas largest nonbank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canadas largest commercial mortgage lender.
First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.
We would like to thank all applications for their interest in this existing vacancy but only candidates selected for an interview will be contacted.
#FNLOON
Other details
- Job FamilyIT .4
- Pay TypeSalary
Required Experience:
Manager
Employment Type
Full-Time
