Manager, Security Compliance

Location Oakville
Contact name: Rob Halick

Contact email: rob@staffit.ca
Job ref: 534
Published: 7 months ago
The Security Compliance Manager (SCM) provides leadership and guidance for the company’s compliance program regarding all aspects of security. The role is responsible for, and will maintain, the company’s overall technology compliance, while supporting general governance and risk management. In addition to requiring adequate information security controls, data protection, privacy and software development practices, this role is responsible for helping the organization understand and comply with all laws, rules and regulations governing the company’s technology, including third parties and vendor dependencies. The compliance role includes managing alignment with global expectations and a country specific program aligned with established and required frameworks.
 
The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems used by lines of business and vendors. The SCM will report to the CISO.
 
HERE’S HOW YOU’LL CONTRIBUTE:
 

• Work in tandem with enterprise technology, risk management, cybersecurity and business leads to incorporate compliance practices and industry standards. 
• Cultivate working relationships with technology, compliance, cybersecurity, audit and third-party stakeholders. 
• Manage and direct a team of subject matter experts for technology risk, compliance and effective controls. 
• Maintain compliance framework assessment toolkits used in testing and validation procedures. 
• Be accountable for and lead assessments for technology infrastructure, applications and third-party dependencies, aligning to regulations, best practices, corporate governance and customer expectations. 
• Continuously monitor changes to regulatory requirements, the threat landscape and business impact. 
• Manage the Corporate Trust Center providing timely and appropriate information to both prospective and current customers. 
• Partner with internal and external auditors to validate controls for compliance. 
• Direct compliance teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation. 
• Create, prioritize and manage the yearly scope of technology compliance obligations. 
• Identify, document and monitor to closure any gaps when compliance responsibilities are not met. 
• Evaluate security controls and opportunities for improvement and communicate recommendations. 
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. 
• Acquire and retain knowledge including, but not limited to, PCI, SOC 2, NIST 800, ISO 27001 and other applicable industry standards. 
 
HERE’S WHAT YOU’LL BRING:

• 10-plus years of cybersecurity or information technology practitioner and management experience and at least three years in compliance, risk management or audit. 
• At least five years’ experience managing a distributed team and workforce. 
• Bachelor’s degree preferred in computer science, information assurance, MIS or related field. 
• CISM, CRISC, CISSP, CGEIT, CIPP preferable, but not required. 
• Capable of working with diverse teams and promoting an enterprise-wide, collaborative security culture. 
• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to PCI, PIPEDA and OSFI’s directives including Integrity and Security, B-10 and B-13. 
• Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls. 
• Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation. 
• General knowledge of cloud (AWS, Google Cloud Platform, Azure) security configuration and management. 
• Proficient understanding of business focus and processes and the ability to inject cybersecurity compliance into the business through teamwork and influence.