Job Posting: Data Protection and Risk Officer
Position Title: Data Protection and Risk Officer
Reporting to: EVP Organizational Performance Culture & Strategy
Department: Operations
Job Summary
We are seeking a highly skilled and experienced Data Protection and Risk Officer to join our
team. Reporting to the EVP of Organizational Performance Culture and Strategy, you will
be a key member of the Operations department, which includes GRC, HR, and Program
Management teams. Your primary responsibility will be to lead our data protection and
risk management program, ensuring compliance with global regulations and best practices.
You will work closely with various teams, including Sales, HR, Engineering, and
IT/DevOps/SecOps/CloudOps, to advise on compliance matters, implement and monitor IT
compliance activities, and foster a culture of security and privacy throughout the
organization.
Responsibilities
Build a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within Explorance
Ensure information security policies, standards, and procedures are up-to-date
Initiate, facilitate, and promote activities to foster information security awareness within the organization
Create a culture of cyber security, both within the IT organization and by driving behavioral changes for the business
Evaluate security trends, evolving threats, risks, and vulnerabilities, and apply tools to mitigate risk as necessary
Manage security incidents and events involving IT systems
Ensure that the disaster recovery, business continuity, risk management, and access control needs are addressed
Ensure compliance with the administrative, technical, and physical safeguards
Manage 3rd party security audits and penetration testing initiatives
Serve in a leadership and functional role for security compliance
Work closely with the internal teams to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and act as the point of contact for the information systems and compliance departments
Initiate and perform periodic information security risk assessment/analysis, mitigation, and remediation. Responsible for development and implementation of security risk management plan
Support the implementation of controls and perform periodic audits to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file and system access
Ensure the organization has and maintains appropriate system use and disclosure / confidentiality and privacy statements
Oversee, develop, and/or deliver initial and ongoing security training to the workforce
Initiate, facilitate, and promote activities to foster information security awareness within the organization and related entities
Participate in the development, implementation, and ongoing compliance monitoring of all business agreements to ensure security concerns, requirements, and responsibilities are addressed
Establish and administer a process for investigating and acting on security incidents which may result in a privacy breach
Partner with Human Resources and Business Process to ensure consistent sanctions for security violations
Maintain current knowledge of applicable local, federal, and international laws, as well as certification requirements and accreditation standards
Serve as information security officer to all departments for all data security related questions and issues
Participate in 3rd party vendor risk and compliance assessment activities, such as SOC reports reviews or other control assurance reports
Professional Experience/Qualifications
Bachelor's degree in a field related to Information Technology, Business, or Risk Management, or a related IT security certification such as CISSP, CISM, CISA, CCSP
Security industry related knowledge and credentials such as SOC2, NIST 800-53, ISO 27001, OWASP
Knowledge and experience in local and federal information security laws such as PIPEDA, FERPA, GDPR, FedRAMP
Understanding of risk assessment methodologies (e.g. RCSA), internal controls and controls testing (e.g. SOC2), and industry technology risk management frameworks, as well as familiarity with SDLC and Project Management methodologies
Additional Requirements
A high level of integrity and trust
Demonstrated organization, facilitation, written and oral communication, and presentation skills
Interpersonal, influencing, and negotiation skills with the ability to work effectively with all levels of the organization
Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
Excellent writing skills
Knowledge and direct experience with Resiliency-Disaster Recovery and Business Continuity compliance
Explorance is a rapidly growing software company recognized for its unique workplace culture. Currently, we are looking for a Customer Success Manager to be based out of Amman, Jordan, to join our dynamic team who thrives in a demanding, fast-moving environment.