Information Services Governance and Compliance Specialist

Servus Credit Union
Edmonton
CAD 60,000 - 100,000
Job description

Posting closes: February 19, 2025

Employment Status: Full-time (37.5 hours per week)

Servus is growing! We are currently looking for an Information Services Governance & Compliance Specialist within our Information Services department in Edmonton, Alberta.

Servus Credit Union is Alberta's largest member-owned credit union, known for building strong, resilient communities by helping our members feel good about their money. One of Canada's Best Managed Companies for 20 consecutive years and ranked as one of the top banks in Canada on Forbes World's Best Banks list for two years in a row, we are a team of smart, gutsy, and driven individuals.

The IS Governance and Compliance Specialist, under the direction of the Lead, GRC, will design, develop and maintain a corporate program to manage and respond to audit requests and exercises (IT/IS/Security controls). These will include, but not be limited to, internal audit assessments, annual financial statement audit, and regulator and industry audits.

Additionally, this position will collaborate with the Leader of Cards regarding PCI-DSS compliance to ensure Servus' good standing with the PCI-DSS. This will include internal controls as well as validation and verification of controls for external partners and providers.

Responsibilities

Governance Program

  • Scope, develop and implement IT governance framework across the organization.
  • Manage effectiveness of audit responses and drive any remediation required. Perform root cause analysis and implement continuous improvement process opportunities.
  • Ensure IT Security projects align with the business strategy and objectives.
  • Identify risks and implement/recommend risk mitigation strategies.
  • Develop, monitor and report on security performance metrics.
  • Develop and implement IT policies and procedures that promote cost-effective, secure operations.
  • Provide guidance on IT risk management, including disaster recovery planning.

Regulatory Compliance

  • Manage operational effectiveness of security controls within the compliance frameworks and drive any remediation required. Perform root cause analysis and implement continuous improvement process opportunities.
  • Develop metrics to report on compliance performance.
  • Have an in-depth knowledge of current and changing trends of the regulatory environment.
  • Stay informed of and be compliant with all applicable provincial and federal laws and regulations. Be knowledgeable of current trends in the financial industry.
  • Provide feedback and escalate issues related to current compliance framework and security controls within it.
  • Seek efficiencies while maintaining regulatory requirements.
  • Monitor, process and lead any work required for changes to the current and future compliance frameworks.
  • Work closely with internal stakeholders such as AML, Privacy, and Payments to ensure the security controls are identified and monitored by the appropriate stakeholders.

Business Processes

  • Apply subject matter expertise to the prioritization and planning in conjunction with Audit and Compliance policies and strategies.
  • Ensure Lead, GRC is informed of all relevant developments and information.
  • Ensure guidelines for third-party providers are adhered to.
  • Provide reporting/analysis as requested to Director Payments regarding all aspects of PCI-DSS compliance.

Teamwork

  • Ability to work in a busy, ever-changing environment.
  • Maintain a responsive and respectful relationship with other departments.
  • Build and sustain excellent working relationships at all levels of the organization.
  • Contribute positively to department morale and a cohesive work environment.
  • Work collaboratively to accomplish common goals.
  • Flexible, versatile, and dependable.

Requirements

  • Minimum of 5-7 years in Information Security and Risk roles.
  • Desired certification of Certified Systems Security Professional (CISSP).
  • Experience with frameworks and standards such as NIST Cybersecurity Framework, OSFI B13, COBIT, and ITIL.
  • Strong knowledge of regulatory requirements and how they apply to information security and risk.
  • Strong analytical and problem-solving skills.
  • Ability to work effectively with internal and external partners.
  • Self-motivated and able to establish structure and approach to complete individual work assignments with minimal day-to-day supervision.

Desirable Certifications

  • Certified Information Security Manager (CISM).
  • Certified Information Security Auditor (CISA).
  • Certified in Risk and Information Systems Control (CRISC).

Education and Training

  • The position requires a minimum completion of an undergraduate business program and progress within a post-secondary accounting or financial analysis professional program.

Benefits

Working for Servus has outstanding benefits. In addition to standard benefits like health and wellness, vacation, and retirement savings programs, we also provide other important benefits such as:

  • Training & Development Opportunities.
  • Career Advancement Potential.
  • Flexible work options.
  • Competitive Compensation including performance-based incentive pay.
  • Meaningful work towards individual and corporate goals.
  • Opportunities to get involved and give back through an employee volunteer program.

For Information About These Benefits And More, Click Here.

At Servus, our employees are also members. This means you'll have all the benefits of being a member of the credit union including profit sharing, voting for the board of directors, and all of the services we provide ... with a few additional perks!

What happens next?

Only those applicants selected for an interview will be contacted. Should you require any accommodations during the hiring process, please advise us at that time.

Discover a sense of belonging amongst a team of unique, authentic individuals working together to reimagine financial fitness. We value and celebrate the richness that diverse backgrounds and experiences bring to our community. Your skills, passion, and curiosity may find a sense of belonging at Servus, so even if you don't check every box we encourage you to apply!
