Governance Risk & Compliance, Lead

Who We Are:

Every transaction matters. Every Canadian matters. At Interac we protect both driving trust security and inclusion so our digital economy thrives.

Founded in 1984 Interac connects Canadians through secure digital payments advanced identity verification and industry-leading fraud protection. Connecting banks businesses and individuals Interac enables millions to send receive and manage money safely and effortlessly every day across both digital and physical environments.

As the backbone of Canadas financial ecosystem Interac facilitates over 20 million transactions daily supported by trusted partnerships with government and financial institutions. Consistently ranked as Canadas most reputable financial technology brand Interac is deeply embedded in the daily lives of Canadians.

Who You Will Work With:

The vacant Governance Risk and Compliance Lead is a key resource to ensuring Interac Corp. Security First principles are embedded in all environments.

Reporting to the Leader Governance Risk and Compliance the successful candidate will have knowledge of principles in security policies and standards and modern practices and a good understanding of security aspects of the various technologies. As a member a dedicated Information Security team The Governance Risk and Compliance Lead works closely with senior leadership team members and staff across Risk Audit Legal HR Fraud Operations and Infrastructure teams to ensure the organization is operating securely.

In this role you are working with the various teams to maintain security risk posture of the organization. You want to know as much about the state of the environment as you can and you can think outside the box when it comes to proposing solutions which will benefit the organization.

A key initiative will be maintaining ISO 27001 Certification.

What You Will Do:

• Expertise leading the implementation and ongoing management of the Governance Risk and Compliance Tool (GRC Tool) for Information Security

• Preparing and maintain risk register that identifies gaps during project system and software lifecycles through security risk assessments or security reviews and track risks for remediation

• Reporting on and measure the effectiveness of the technical controls via security metrics.

• Enhancing and maintaining the security risk assessment framework

• Proactively contribute to security governance initiatives providing technical and business advice as well as insight on management processes

• Aligning and refining Information Security policies and standards with industry best practices pertinent regulations and standards bodies (ISO 27001/2 PCI DSS CIS NIST Series)

• Developing security requirements matrix mapped to organizations policies and standards

• Prepare track and maintain risk acceptances and security exceptions.

• Leverage expertise in information security risk management to prepare and conduct security assessments for both planned initiatives and unplanned instances.

• Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization

• Collaborate with senior leaders and make informed risk-based recommendations to enhance the security posture of the organization products and services

• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions

• Participate and support security related and serve as a key interface with external and internal auditors for security compliance related activities

• Support development enhancement and socialization of the security awareness program

• Create and update technical documents in line with company policies

• Ensure that effective BCP/DR policies and plans are in place and maintained

• Keep abreast of the cybersecurity threats and assess their potential impact to Interacs posture

What You Bring:

• You have an excellent knowledge information security with Degree or Diploma in Information Technology and/or business or combined relevant field experience and certifications CISSP CISA CRISC CISM

• You have 7 years of experience working with or in Information Security Information Security Governance Security Risk Management in medium to large sized organizations

• You have strong and proven leadership capabilities with communication coaching influence negotiation and conflict resolution

• You have experience implementing and managing a Governance Risk and Compliance Tool

• You have experience with Information Security practice and processes including threat and risk assessments

• You have experience managing risk throughout the risk lifecycle

• You are highly motivated and results oriented with an ability to handle high pressure situations with key stakeholders

• You have strong service management and service delivery orientation

• You have excellent presentation and communication skills and an ability to present complex information in a manner suitable for technical and non-technical audiences

• You have working experience with Cybersecurity Frameworks and industry standards: ISO 27001/2 PCI DSS CIS NIST 800 Series.

• You have knowledge of the security of cloud environments vulnerability assessments identity and access management

• You have excellent knowledge in several areas of information security (domain knowledge)

• Eligibility to work for Interac Canada in a full-time capacity

What Were Offering:

The hiring range for this position is $120K-$150K and you will also be eligible for our short-term incentive plan. The exact amount will depend on factors such as skills experience and job-related knowledge but Interacs commitment goes beyond compensation. Our Total Rewards package is designed to support your well-being and future and includes:

• Generous vacation and wellness days to help you recharge

• Comprehensive employer-paid benefits coverage for peace of mind

• Market-leading employer-funded RRSP program to invest in your future

• Flexible hybrid work model for better work-life balance

• Access to a free and confidential 24/7 employee & family assistance program to offer support for you and your immediate family

• Pregnancy and parental leave top-up to support growing families

• Charitable donation matching with United Way to amplify your impact

Why Join Us

At Interac the impact we make and the people who drive it is profound. When you become part of our team youre joining a purpose-driven organization thats shaping the future of digital finance in Canada. Heres what you can expect:

• Investing in the Future Help us unlock digital prosperity for all Canadians.

• Innovative Thinking Collaborate on products practices and platforms that redefine whats possible.

• Inclusive Culture Be empowered to bring your whole self to work and realize your full potential.

• Inspiring Community Work in an ecosystem where we lift each other up and rise together.

• Intentional Support Enjoy flexible supportive offerings that prioritize your total wellness.

Additional Pre-Employment Requirements:

To ensure the integrity of our organization successful candidates will be required to complete background checks which may include Canadian Criminal Credit Check Canadian ID Cross-Check Public Safety Verification 5-year Employment Verification Education Verification Credit Check and Social Media Check.

Equal Opportunity Employer

Interac is also an equal opportunity employer committed to fostering a diverse and inclusive workplace. We believe that innovation thrives when people from different backgrounds experiences and perspectives come together. Thats why we are committed to providing fair and equitable employment opportunities for all individuals without discrimination based on race color ancestry ethnic origin place of origin citizenship creed sex sexual orientation gender identity or expression age marital or family status disability or any other characteristic protected by applicable law.

If you require accommodation during any stage of the application or recruitment process please contact us at We will work with you to meet your needs.

Please be aware that certain individuals are misusing Interac Corp.s name and logo to promote fictitious employment opportunities. Interac Corp. never requests solicits or accepts any form of payment in exchange for employment. Any such offers are fraudulent and should be disregarded. Interac Corp. assumes no liability for any claims losses damages expenses or inconveniences arising from or related to these fraudulent activities. Such communications do not constitute an offer or representation by Interac Corp. or its subsidiaries and affiliates.