Information Security Specialist (Governance and Compliance)

Ontario, Canada; Saskatchewan, Canada; Alberta, Canada

Applications have closed


Offering Home, Auto, Life, Business, Travel and Farm insurance plus Investments and Group coverage, benefits and retirement plans in Canada for over 70 years.

Company: CGL

Department: Information Technology

Employment Type: Regular Full-Time

Work Model: Remote-Based

Language: English is required, French is an asset.

Additional Information: There are 2 positions available.


The Opportunity:

We are a leading Canadian financial services co-operative committed to being a catalyst for a sustainable and resilient society, and our team is essential to delivering on this strategy. That's why we prioritize our people, to ensure we provide a strong culture and development opportunities which enable our team to thrive and to love our purpose. The best part is that you will work with people that care passionately about you, our clients, and our communities.

Our Information Technology team aspires to be a leader in applying technology to power business strategies. We connect concepts with solutions to create value and efficiencies for our clients, employees, and communities. Our success is driven by our skilled and diverse team who are passionate about excellence, innovation, and agility. The Information Security Specialist (governance and compliance) is responsible for the definition, design, development, implementation, adherence and continuous improvement of the Information Security framework for The Co-operators group of companies, in line with regulatory/legislative requirements and industry best practices.

The Information Security framework includes policies, standards, procedures, processes and practices and technology that effectively and efficiently ensure information security in the areas of governance, compliance, risk management, and policy settings of all security platforms.


How you will create impact:

  • Manage and lead the Information Security governance activities across the group of companies.
  • Create, disseminate, and facilitate the implementation of security policies, standards, and guidelines.
  • Manage and lead Information Security compliance activities across the group of companies, ensuring the Information Security Compliance program effectively prevents and detects violations pertaining to regulations, enterprise Information Security policy and standards, or corporate codes of conduct.
  • Collaborate with audit, privacy, and compliance functions as well as individual business units including IT to ensure that all IT security and compliance assessments are conducted, issues of non-compliance are tracked, measured, reported, and inadequacies are remediated.
  • Ensure that information security risk management practices identify and address risks stemming from business processes and technology systems, and factor them into the Enterprise Risk landscape, in collaboration with Enterprise Risk Management (ERM) and other business functions.
  • Interface with all stakeholders including business functions, technology functions, vendors and other internal teams to ensure an adequate level of security policy setting in existing technology platforms and new technology deployments. Assist with implementations and monitoring after deployment.


How you will succeed:

  • You have an innovative mindset to improve operational efficiencies and ability to influence change, with a primary focus on client needs.
  • You use critical thinking skills to recognize assumptions, evaluate arguments, draw conclusions and proactively propose solutions.
  • You have strong communications skills to clearly convey messages and explore diverse points of view.
  • You build trusting relationships and provide guidance to support the development of colleagues.


To join our team:

  • Degree or diploma in Business or Computer Science and/or at least 8 years progressive industry experience in information systems, audit, compliance, security, or risk management. Must hold one of the following certifications: CISSP, CISA, GIAC and SANS Technical certifications.
  • 5+ years of direct information security work experience and/or experience in a complex IT environment.
  • In-depth experience designing and implementing information security programs, strategies, frameworks, policies, awareness campaigns, and third-party security assessment programs.
  • Understanding of information security regulations and standards such as NIST, PCI, ISO 2700x, PIPEDA, COBIT, CEO/CFO Certification and OSFI Technical competencies.
  • Must have the ability to translate complex technical discussions into business language and gain buy-in from stakeholders on complex issues.


What you need to know:

  • Detail-oriented work that requires a high degree of mental concentration for extended periods of time.
  • You will be subject to a background check as a condition of employment, in the event you are the successful candidate.


What's in it for you?

  • Training and development opportunities to grow your career.
  • Flexible work options and paid time off to support your personal and family needs.
  • A holistic approach to your well-being, with physical and mental health programs and supportive workplace culture.
  • Paid volunteer days to give back to your community.
  • In addition to our competitive salary and incentive programs, eligible employees also benefit from a comprehensive total rewards package including group retirement savings plans, pension and benefits (e.g. health and wellness, dental, disability and life coverage), mental health support and employee assistance program.

Tags: CISA CISSP COBIT Compliance Computer Science GIAC Governance Monitoring NIST Privacy Risk management SANS Security assessment Strategy

Perks/benefits: Career development Competitive pay Flex vacation Health care Wellness

Region: North America
Country: Canada
Category: Compliance Jobs