Cybersecurity Risk Manager

Select how often (in days) to receive an alert:

Location: Toronto, ON, CA PA, US MD, US Oakville, ON, CA Chicago, IL, US Ottawa, ON, CA MI, US

Company: Softchoice

Whyyou’lllove Softchoice:
We are a software-focused IT solutions and services provider that equips organizations to be agile and innovative, and for their people to be engaged, connected, and creative at work. That means moving them to the cloud, helping them build the workplace of tomorrow, and enabling them to make smarter decisions about their technology. By doing these things we help them create success for their customers and their people.

We stand proudly for our people and support their success through career development and advancement. We are recognized and respected for our culture of inclusion and belonging, continuously striving to do what’s good for our people and communities.

The impact you will have:

With the growing threats to cybersecurity for our customers and ourselves, it more critical than ever to mature our risk-based cybersecurity management program.

At Softchoice, we want to lead the way in which we manage cybersecurity internally for our business as a positive example and role model for our customers.

The Cybersecurity Risk Manager is internally facing and responsible for identifying, assessing, and mitigating risks that could affect Softchoice’s financial health, legal compliance, and reputation. This role involves strategic leadership in defining and driving the cybersecurity risk management program, establishing governance structures, ensuring regulatory compliance, and championing a culture of security across the company. The position also includes developing policies, performing assessments, and leading cross-functional teams to mitigate cybersecurity risks, particularly in alignment with ISO 27001 standards.

What you'll do:

• Take ownership for, mature our Risk Management governance/process, and leverage the broader teams for execution of risk remediation based on priorities and risk appetite.
• Set strategic direction for cybersecurity risk management, and related compliance initiatives.
• Develop and maintain a cybersecurity risk framework aligned with ISO 27001.
• Establish robust governance structures to oversee risk and compliance activities.
• Guide the organization through compliance audits and engagements with auditors.
• Oversee risk assessments to define and analyze possible risks, ensuring a comprehensive approach to risk identification.
• Evaluate the gravity (risk score) of each risk by considering potential organizational impact.
• Develop, prioritize, and lead the execution of risk treatment plans and control measures.
• Monitor and ensure evidence-based implementation of controls to achieve compliance.
• Drive process changes to eliminate or mitigate potential risks.
• Drive the execution of appropriate technology platform access reviews.
• Present risk score updates for ISMS committee and recommendations for senior leadership review.
• Define and implement contingency plans and incident response playbooks to handle cybersecurity crises effectively.
• Assess existing policies and procedures, identifying gaps and opportunities for improvement as relates to risk management.
• Recommend and drive the adoption of improved policies to strengthen the organization's cybersecurity posture.
• Drive initiatives to enhance employees' understanding of cybersecurity risks and best practices.
• Provide strategic direction, mentorship, and guidance to cross-functional teams involved in cybersecurity risk activities.
• Lead, motivate, and develop direct and indirect reports to excel in their roles. (future once ICs added under)

What you'll bring to the table:

• 10-15 years’ experience in IT including security operations (SOC).
• 5 years experience managing people directly and indirectly.
• At least 5 years working in cybersecurity governance, risk, and compliance (GRC).
• Demonstrated knowledge of risk management in the context of cybersecurity, IT compliance, risk assessment, and control.
• Demonstrated understanding of security practices, trends, and compliance audits.
• Knowledge of auditing against information security management frameworks (SOC2T2, ISO 27001:2022).
• Proven project management approach to drive outcomes is mandatory.
• Experience as a Security Analyst and/or IT Infrastructure work is desirable.
• Familiarity with industry compliance standards and regulations (e.g., GDPR, Occupational Safety and Health Act).
• Strong computer and research skills; knowledge of analysis software preferred (e.g., Statistical Analysis Software, or SAS).
• Analytical mind with problem-solving aptitude.
• Bachelor's or master's degree in computer science, engineering, information security, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, CRISC.
• Professional Risk Manager (PRM) certification is a plus

Not sure if you qualify? Think about applying anyway:
We understand that not everyone brings 100% of the skills and experiencefor the role.

At Softchoice, we offer opportunities to a diverse group including those with a variety of workplace experiences and backgrounds. Whether you are new to corporate tech, returning to work after a gap in employment, or looking to transition and take the next step in your career, we are excited to learn more about you and encourage you to apply.

Why You’ll Love Working Here:

• The People: You’ll thrive in our collaborative environment, surrounded by incredible colleagues who foster support and innovation, driving our collective success
• High-Performing Culture: At Softchoice, we are dedicated to achieving our goals and committed to success for our customers and each other
• Flexibility: Plan your workdays in a way that suits you best
• Award-Winning Workplace: Proudly recognized as a Great Place to Work for 20consecutive years
• Inclusive Culture: We are committed to an inclusive culture where every team member can be their authentic self
• Competitive Benefits: Benefit from competitive perks that start on day one

Inclusion & Equal opportunity employment:
We arean equal opportunity employer committed to diversity, inclusion & belonging. Peopleseeking employment at Softchoice are considered without regard to any protected category including but not limited to, race, color, religion, national origin, age, sex, marital status, ancestry, disability, veteran status, gender identity, or sexual orientation.

Require accommodation? We are ready to help:
We areproud to provideinterview &employment accommodationduring the recruitment and hiring process. If you requireanyaccommodation to apply or interview for a position, please reach out directly toasktalentacquisition@softchoice.com .We are committed to working with you to best meet your needs.

Our commitment to your experience:
We arecommitted to the safety of all applicants and team members. With that in mind, we have implemented digital interviewing for everyone. We understand that you may need to interview with distractions around you(such as children or furry friends)and we willbe doing the same.

Before you start with us, we will conduct a criminal record check, verify your education, and check your references.

When you join Softchoice, we will onboard you remotely. Don't worry. It's quick, simple and you'll be connected with your new team in no time.

Job Requisition ID:6759
EoE/M/F/Vet/Disability