Senior Manager, Information Security Risk & Governance
The Senior Manager, Information Security Risk & Governance leads the Information Security Risk Management and Governance programs. Their main objective is to manage risk and oversee cyber projects, technology selection, transition projects as well as third parties.
Responsibilities
- Manage the Risk & Governance program
- Understand and manage Information Security risks pertinent to the organization’s business goals and work with various departments to identify, measure, monitor, and report on risk based on information assets
- Develop, document, and communicate risk mitigation strategies to risk owners; document and monitor the implementation of security controls and adjust risk rating accordingly
- Develop, maintain and report on KRIs, KPIs and SLAs related to the Information Security program
- Research, implement and operate risk and governance technology tools and processes to enhance the effectiveness of the practice
- Develop new Information Security policies; ensure all existing policies and related documents are up to date
- Manage 4 direct reports (Security Analysts)
- Oversee related cyber projects, technology selection, transition projects and third-party vendors
- Review security metrics and create forecasts
Qualifications
- Post-secondary degree in Computer Science or equivalent combination of education and experience to satisfy the requirements of the position.
- Minimum 8 years of progressive responsibilities in developing and supporting Information Security risk management and governance programs, with 3 years in a management role
- Excellent knowledge of security technologies commonly used in enterprises to protect information systems, including on-premises, Cloud and Mobile
- Experience with Information Security and Risk Management frameworks like ISO27001/2, ISO27005, NIST CSF, NIST 800-30, SSAE18 and PCI
- Understanding of legal and regulatory compliance standards and requirements, such as PCI-DSS and PIPEDA, for SOC 2 and ISO audit purposes
- Experience overseeing related cyber projects, technology selection, transition projects and third-party vendors
- Experience reviewing security metrics and creating long term forecasts
- Experience with security architecture and platforms
- Experience working with KPI and KRI dashboards that deliver real-time insight into enterprise risk posture and control effectiveness
- CISSP, CISA, CRISC and other security certifications are an asset
This is a hybrid permanent position located in downtown Toronto with an annual salary of $145,000.00 – $150,000.00 plus bonus and benefits.
