We are banking at another level.
Choosing BDC as your employer means working in a healthy, inclusive and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects, to see further and to do things differently, to fuel the success of Canadian entrepreneurs.
Choosing BDC as your employer also means:
Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few
In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1
A hybrid work model that truly balances work and personal life
Opportunities for learning, training and development, and much more...
POSITION OVERVIEW
The Cybersecurity Governance, Risk and Culture department is seeking a talented individual to play a crucial role within the team, aligning these functions with BDC's business objectives. The InfoSec Specialist will work collaboratively with InfoSec squads, IT teams and other lines of defense to ensure robust risk management and strategic decision-making. This position encompasses more than traditional GRC activities, including performance measurement, strategic planning and security reporting. The specialist will be part of a transformation towards an agile mindset where squads are empowered to make key decisions within their scope, including how they work, which tools to use and how to achieve their objectives.
KEY ACTIVITIES
You will be assigned to one of our squads and have the following responsibilities:
Governance, Risk and Compliance
Develop and maintain governance documents (policies, directives, procedures, standards).
Establish and uphold our risk and controls framework.
Monitor compliance with legal, regulatory and industry standards.
Perform and support control assessment activities (effectiveness, maturity).
Deliver comprehensive risk assessments/reviews, including identifying and documenting risks and controls.
Support internal and external audits and ensure audit readiness.
Track action plans.
Assess third-party security and perform ongoing monitoring activities.
Performance Measurement & Reporting
Define and track key performance indicators (KPIs) of our controls and key risk indicators.
Analyze trends and performance data to identify areas for improvement.
Prepare and deliver regular reports and dashboards for senior leadership.
Strategy & Strategic Planning
Contribute to the development of the InfoSec strategy and strategic plan.
Track the progress of the InfoSec strategic plan.
Identify emerging threats, risks and opportunities to evolve our framework.
Support InfoSec transformation initiatives to align with new corporate and IT orientations.
CHALLENGES TO BE MET
Apply knowledge and experience through the development of governance documents and risk and controls framework across various technologies and processes using industry standards and best practices.
Perform in-depth analyses of our risks and controls, synthesize data and observations, and effectively communicate conclusions.
Gain buy-in and cooperation from stakeholders across departments with differing priorities, and foster a culture of accountability over risks and controls.
Enable our governance capability through data-driven performance measurement to assess the effectiveness, efficiency and experience of InfoSec controls.
Produce clear and structured documentation that supports transparency and traceability.
Stay ahead of new threats and adjust frameworks accordingly.
Apply strong analytical, problem-solving and organizational skills.
Demonstrate leadership skills, work independently and thrive in a dynamic, deadline-focused environment.
Demonstrate excellent verbal and written communication skills in both official languages.
WHAT WE ARE LOOKING FOR:
Candidates should possess at least five years of experience covering the following areas:
Development of governance documents
Management of risk and control frameworks
Risk assessment, including third-party risk assessment
IT audits and control assessments
Development of performance indicators and delivery of executive reports
Development of InfoSec strategy
Excellent knowledge of risk management and internal control frameworks such as ISO 27001, NIST, COBIT, OSFI.
Excellent knowledge and experience with Microsoft products and platforms (especially Excel, PowerPoint, Power BI, SharePoint)
B.A./B.S. in Computer Science, Information Security, Engineering or equivalent discipline, or CPA.
Relevant IT audit certifications are a plus, such as:
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
ISO 27001 Lead Implementer or Auditor
Proudly one of Canada's Top 100 Employers and one of Canada's Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at .
While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.
Full-Time