Manager IT GRC

Reporting to the Senior Manager, IAM & GRC, the Manager – IT Governance, Risk and Compliance plays a key role in ensuring information security and compliance at 407 ETR. This includes elaborating and maintaining internal and external audits, vendor due diligence, and security risk management programs. The role involves developing, maintaining, and updating all IT Security policies and control processes in collaboration with relevant stakeholders. The ideal candidate is an experienced professional passionate about leading and improving organizational processes to ensure compliance and risk management, balancing security risks with business enablement.

1. Drive change and leadership best practices, supporting corporate programs to bring consistency to our people strategy, and supporting Diversity, Equity, and Inclusion initiatives.
2. Monitor emerging technologies to gain a competitive advantage in information security and risk management.
3. Collaborate with IT and business units to assess, design, and implement sustainable security solutions and processes.
4. Work with business units to ensure compliance and address related questions and issues.
5. Document and meet standards, processes, procedures, and metrics.
6. Consult with Application Security, Risk, and Controls teams.
7. Facilitate and support internal and third-party audits.
8. Conduct risk assessments and tabletop exercises, and work with incident response plans.
9. Assist with Disaster Recovery and Business Continuity planning.
10. Perform assessments and remediation activities to ensure systems and controls comply with policies and frameworks.

1. Develop and enhance information risk management strategies and processes.
2. Manage risk assessments, risk registries, and mitigation strategies.
3. Maintain risk tolerance metrics and provide guidelines to keep exposure within limits.
4. Identify, communicate, and work with teams on risk mitigation.

1. Ensure adherence to legislation and regulations like PCI DSS.
2. Assess technology solutions and third parties for compliance with security policies and standards.

1. Assist in developing and maintaining security policies and procedures.
2. Improve governance frameworks and reporting in collaboration with IT leadership.
3. Oversee information security governance initiatives.
4. Support Data Governance programs including classification, storage, and quality management.

• Minimum of 7 years of experience in IT security or related fields.
• College Diploma or University Degree in relevant fields preferred.
• Intermediate to advanced knowledge of O365 and AWS.
• Experience with GRC and relevant certifications (e.g., CISA, CISM, CRISC, CGEIT, CISSP) preferred.
• Knowledge of security frameworks like PCI DSS, ISO 27001/27002, COBIT, NIST.
• Familiarity with Agile methodologies is a plus.
• Strong stakeholder and vendor management skills.

At 407 ETR, we are committed to fostering a diverse, equitable, and inclusive work environment. We value the unique perspectives of all individuals and are dedicated to creating a safe, supportive environment for all employees. Accommodation for disabilities or other protected grounds is available upon request during the employment process.