Manager Security Compliance

Come work for a company that’s committed to the success of each and every employee. A place where innovators and collaborators come together and build on each other’s talents. Where diversity is welcomed and celebrated.

FCT provides industry-leading title insurance, default solutions and other real estate related products and services to legal, lending, valuation and real estate professionals across Canada. With FCT, you will have the opportunity to build a meaningful career. Join us as we continue to do exciting work and make a big impact on our colleagues, customers and communities.

We are continually searching for great talent; individuals who possess a deep commitment to the customers and markets we serve. If you would like to join a company that is committed to the success of each employee and offers challenge, purpose and the opportunity to grow both personally and professionally in a team-oriented environment, you'll enjoy a career with us! We understand that fostering a diverse and inclusive environment is critical for the success of our business, and we actively work towards it every day.

The Security Compliance Manager (SCM) provides leadership and guidance for the company’s compliance program regarding all aspects of security. The role is responsible for, and will maintain, the company’s overall technology compliance, while supporting general governance and risk management. In addition to requiring adequate information security controls, data protection, privacy and software development practices, this role is responsible for helping the organization understand and comply with all laws, rules and regulations governing the company’s technology, including third parties and vendor dependencies. The compliance role includes managing alignment with global expectations and a country specific program aligned with established and required frameworks.

The SCM ensures the company’s technical systems and information assets are protected in accordance with compliance requirements. Furthermore, the director is responsible for identifying, evaluating and reporting on information security risks when technological systems and software are not meeting compliance requirements. The SCM will work in tandem with cybersecurity, enterprise technology, legal and compliance leadership to ensure all technology conforms to the company’s desired compliance and security posture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems used by lines of business and vendors. The SCM will report to the CISO.

• Work in tandem with enterprise technology, risk management, cybersecurity and business leads to incorporate compliance practices and industry standards.
• Cultivate working relationships with technology, compliance, cybersecurity, audit and third-party stakeholders.
• Manage and direct a team of subject matter experts for technology risk, compliance and effective controls.
• Maintain compliance framework assessment toolkits used in testing and validation procedures.
• Be accountable for and lead assessments for technology infrastructure, applications and third-party dependencies, aligning to regulations, best practices, corporate governance and customer expectations.
• Continuously monitor changes to regulatory requirements, the threat landscape and business impact.
• Manage the Corporate Trust Center providing timely and appropriate information to both prospective and current customers.
• Steer the program with emphasis around privacy, security, business resiliency and compliance frameworks.
• Partner with internal and external auditors to validate controls for compliance.
• Focus on principles aligned with enterprise risk management fundamentals within security and technology teams to maintain up-to-date configuration documentation for systems and processes.
• Direct compliance teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation.
• Create, prioritize and manage the yearly scope of technology compliance obligations.
• Uphold policy and rigor in the vendor risk assessment process used by all business units.
• Identify, document and monitor to closure any gaps when compliance responsibilities are not met.
• Evaluate security controls and opportunities for improvement and communicate recommendations.
• Guide members of the compliance team and provide constructive feedback related to performance.
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Acquire and retain knowledge including, but not limited to, PCI, SOC 2, NIST, ISO 27001 and other applicable industry standards.
• Facilitate IT compliance of identified controls, e.g., IT, application, cloud, cybersecurity, etc.
• Perform other duties as assigned.

• At least eight years’ experience in cybersecurity and at least three years in compliance, risk management or audit.
• At least five years’ experience managing a distributed team and workforce.
• Capable of working with diverse teams and promoting an enterprise-wide, collaborative security culture.
• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, PIPEDA and OSFI’s directives including Integrity and Security, B-10 and B-13.
• Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls.
• Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation.
• General knowledge of cloud (AWS, Google Cloud Platform, Azure) security configuration and management.
• Proficient understanding of business focus and processes and the ability to inject cybersecurity compliance into the business through teamwork and influence.
• Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company and security leadership with the highest level of professionalism.
• Excellent project management, personal and organizational skills.
• Ability to remain credible with the team and external constituents through sustained industry knowledge.

Bachelor’s degree preferred in computer science, information assurance, MIS or related field. Advanced degree not required, but an MBA or master’s degree in information assurance/technology is advantageous.

10-plus years of cybersecurity or information technology practitioner and management experience.

CISM, CRISC, CISSP, CGEIT, CIPP preferable, but not required.

137,200 - 167,900

Any pay range is in $CAD

Through mentoring, innovative tools, and a variety of programs that engage and reward, we empower each employee to be great and drive results.

• Comprehensive benefits that include Employee and Family Assistance Program (EFAP) and Wellness Essentials
• Group retirement savings plan with company match
• Paid holidays and generous paid time off
• Hybrid work arrangements
• Paid volunteer opportunities and charitable donation matching
• Employee recognition programs that include referral incentives
• Potential for performance-based incentives
• The opportunity to participate in our stock purchase plan
• And more!

*As per terms of the employment agreement

The Great Place to Work® Institute has named FCT one of Canada’s Top 50 Best Workplaces, Best Workplaces in Canada for Financial Services & Insurance, Best Workplaces in Canada for Women, Best Workplaces in Canada for Inclusion and Best Workplaces in Canada for Mental Wellness. We’re also one of Achievers 50 Most Engaged Workplaces™ in North America.

By joining us, you will not only be part of an award-winning organization, you will be part of a workforce that is engaged and empowered to succeed.

Thank you for considering FCT. We look forward to meeting you.

In accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act, a request for accommodation will be accepted as part of FCT’s hiring process.

To avoid any delays in the recruitment process, if you require accommodation to apply, please provide your accommodation needs in advance. You may also be required to submit adequate medical/other documentation to Human Resources to support your request for accommodation.

FCT is an equal opportunity employer and is committed to an active nondiscrimination program. All recruitment, hiring, placements, transfers, promotions, training, compensation, benefits, discipline, and other terms and conditions of employment will be on the basis of the qualifications of the individual regardless of race, colour, place of origin, ethnic origin, citizenship, handicap (including mental and physical disability), sex, sexual orientation, gender identity and expression, creed (religion), marital status, family status (being in a parent/child relationship), age, or any other basis prohibited by the applicable provincial or federal human rights legislation.