Governance Risk & Compliance, Lead

The Governance Risk and Compliance, Lead is a key resource to ensuring Interac Corp. “Security First” principles are embedded in all environments. The successful candidate will have knowledge of principles in security policies and standards and modern practices and a good understanding of security aspects of the various technologies. As a member a dedicated Information Security team, The Governance Risk and Compliance Lead works closely with senior leadership, team members and staff across Risk, Audit, Legal, HR, Fraud, Operations, and Infrastructure teams to ensure the organization is operating securely.

In this role, you are working with the various teams to maintain security risk posture of the organization. You want to know as much about the state of the environment as you can, and you can think outside the box when it comes to proposing solutions which will benefit the organization.

A key initiative will be maintaining ISO 27001 Certification.

• Expertise leading the implementation and ongoing management of the Governance Risk and Compliance Tool (GRC Tool) for Information Security
• Preparing and maintain risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and track risks for remediation
• Reporting on and measure the effectiveness of the technical controls via security metrics.
• Enhancing and maintaining the security risk assessment framework
• Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes
• Aligning and refining Information Security policies and standards with industry best practices, pertinent regulations and standards bodies (ISO 27001/2, PCI DSS, CIS, NIST Series)
• Developing security requirements matrix mapped to organization’s policies and standards
• Prepare, track and maintain risk acceptances and security exceptions.
• Leverage expertise in information security risk management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
• Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization
• Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services
• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
• Participate and support security related and serve as a key interface with external and internal auditors for security compliance related activities
• Support development, enhancement, and socialization of the security awareness program
• Create and update technical documents in line with company policies
• Ensure that effective BCP/DR policies and plans are in place and maintained
• Keep abreast of the cybersecurity threats and assess their potential impact to Interac’s posture

• You have an excellent knowledge information security with Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications CISSP, CISA, CRISC, CISM
• You have 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations
• You have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution
• You have experience implementing and managing a Governance Risk and Compliance Tool
• You have experience with Information Security practice and processes including threat and risk assessments
• You have experience managing risk throughout the risk lifecycle
• You are highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders
• You have strong service management and service delivery orientation
• You have excellent presentation and communication skills and an ability to present complex information in a manner suitable for technical and non-technical audiences
• You have working experience with Cybersecurity Frameworks and industry standards: ISO 27001/2, PCI DSS, CIS, NIST 800 Series.
• You have knowledge of the security of cloud environments, vulnerability assessments, identity and access management
• You have excellent knowledge in several areas of information security (domain knowledge)
• Eligibility to work for Interac Corp. in Canada in a full-time capacity

Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:

• Canadian criminal record check;
• Public safety verification;
• Canadian ID cross-check;
• 5-year employment verification;
• Education verification; and
• If applicable, Credit Inquiry and Social Media Check

We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:

You’re surrounded by talented people every day who are driven by their passion of a common goal.

They define us. Living them helps us be the best at what we do.

Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.

To ensure you are the best at what you do we invest in you.