Global Manager, Security, Risk and Compliance - Surrey, Canada - Finning International Inc.

Posted by: Sophia Lee, beBee Recruiter


Description

Company:
Finning International Inc.


Number of Openings:
1


Worker Type:
Permanent


Position Overview:


Reporting directly to the Chief Information Security Officer, the Global Manager, Security, Risk and Compliance is responsible for managing the global IT security, risk and compliance program.

This leadership role is responsible for designing, documenting, implementing and governing information security controls and IT compliance programs to meet corporate, legal and regulatory requirements.

The role is also accountable for strategically defining and leading the delivery of the cyber-security awareness program, in multiple languages, across Finning globally.


The Security, Risk and Compliance Manager is accountable for the development and continuous improvement of Finning's Information Security Management System (ISMS), based on industry frameworks such as ISO 27001, NIST and other applicable control sets.

The role requires a broad and in-depth understanding of technical and professional skills across many disciplines, including: IT governance, risk management, information security and identity and access management, security operations, security architecture, legal and regulatory compliance, audit, organizational change management, communications, learning and development, analytics, vendor management, policy management, project management, and data governance.


Job Description:


Major Job Functions:

IT Governance
  • Indirect ownership of all global IT security policies.
  • Strategically build and automate a global Governance, Risk and Compliance (GRC) program to record applicable controls and to collect and manage the required supporting artifacts.
  • Collaborate with key stakeholders to create, implement and govern the information security policies, standards, controls baseline and controls maturity model, ensuring that corporate and regional regulatory compliance is validated regularly.
  • Primary liaison for all external and internal audits, including reviewing requests, monitoring audit execution and reviewing findings with IT leadership. The audits may or may not be related to information security.
  • Define and deliver appropriate GRC metrics to leadership.
  • Provide guidance on cyber-security technical and contractual requirements during vendor procurement through contract reviews.

IT Risk
  • Develop and maintain the global risk management framework, process and risk register monitoring program.
  • Lead the risk management and compliance assessment team that performs risk assessments (RAs) and compliance reviews, ensuring that on-premises information systems, cloud service providers and cloud solutions adequately protect Finning's and its customers' information.
  • Assign risk weighting to policy exception requests and monitor risk treatment plans to closure.
  • Direct applicable maturity assessments toward obtaining ISO 27001 and ISO 27701 certification, CSOX compliance and a SOC 2 Type II attestation.
  • Respond to customer and cyber-insurance information security and data protection questionnaires.

Security Awareness
  • Full accountability and program ownership for global cyber-security awareness: strategic program definition and execution, vendor/contractor procurement and team management.
  • Management of all content created and presented, metrics collection, data analysis and continuous program improvement.

Performance Management
  • Provide leadership to regional governance, risk and compliance and security awareness analysts; oversee their goals, performance metrics and career development.

Accountability:
  • Responsible for leading, developing and executing the Information Security Management System (ISMS) program
  • Responsible for leading execution of tasks associated with IT security governance, risk and compliance
  • Manage team goal setting and business objectives within the program
  • Ensure that the program is managed to realize business benefits
  • Evaluate project and/or program performance and recommend changes where necessary
  • Authority over information security policy management, including creation, gap assessment, exceptions and approval
  • Develop, maintain and deliver the global IT maturity measurement platform
  • Negotiate with stakeholders at senior levels, ensuring that organizational policy and strategies are adhered to
  • Plan and manage the implementation of organization-wide processes, procedures, tools and techniques for the identification, assessment and management of IT risk inherent in the operation of business processes and of potential risks arising from planned change
  • Review information systems for compliance with legislation and specify any required changes
  • Contribute to reviews and audits of project and program management to ensure conformance to standards
  • Analyze business processes for improvement; identify alternative solutions, assess feasibility and recommend new approaches by establishing and communicating recommendations
  • Lead the provisioning of authoritative advice and guidance on the requirements for secu
