What you’ll do
Reporting to the AVP, Cyber Governance, Risk and Controls, the Manager, Cyber Security Risk will be responsible for leading and managing Cybersecurity Risk & Third-Party Risk services across the enterprise. This role will provide consistency across the cyber risk function and work with the business to design and deliver outcomes as securely as possible. They are a major point of interface with business leaders for cyber security and they will play a significant role in delivering key cyber risk messages to stakeholders.
Manage Cybersecurity Risk & Third-Party Risk services across the enterprise
Maintain and implement Cybersecurity Risk Frameworks
Lead teams performing the Cybersecurity Risk Management functions for Canadian Tire
Lead the risk assessment processes to perform third-party vendor assessments, project risk assessments, digital crown jewel assessments, and enterprise risk assessments of systems, applications, and business processes
Manage the Enterprise Risk Assessment processes to ensure risk transparency, risk treatment, issues management, and business acceptance and risk-based decision making
Manage the Third-party Risk Assessment process to ensure risk transparency and business acceptance, contractual obligations, and enable risk-based decision making
Develop and implement third-party risk management processes for ongoing vendor monitoring, reporting and remediation of third-party risks
Lead transformation squads specializing in maturing the cybersecurity risk practices for the organization
Direct the evolution of the Service Now GRC platform for risk and third-party risk
Report on cybersecurity risk to Enterprise Risk Management as well as Executive Management
Partner with key internal stakeholders to design and implement effective controls to mitigate risk
What you bring
The Manager, Cyber Security Risk will be an Agile and innovative individual, who is able to manage in an environment of change and ambiguity to help us take bold and strategic moves in this rapidly evolving retail environment. This individual will be a collaborative team players with superior influencing skills, who build relationships easily across various stakeholder groups to move initiatives forward.
University degree or College diploma in technology or business-related discipline
7+ years of related business experience within Cyber Security roles
Strong IT Security or IT Audit background
Direct experience with the NIST Cybersecurity Framework (CSF), ISO 27005 and IRAM
Experience in and strong knowledge of risk governance and compliance, security, and operations
Excellent relationship management, consulting, and problem-solving skills
Experience with assessing, designing, and implementing security programs or specific capabilities, including governance, security monitoring, and vulnerability management
Excellent communication skills with the ability to translate technical requirements for non-technical business partners and influence / persuade a different point of view
Ability to clearly and confidently communicate written and verbal recommendations, articulating risks and trade-offs
Experience partnering with and leading external vendors
Exceptional time management and self-management skills
Ability to travel as required to other office locations such as Toronto, Welland, and Calgary
CISSP, CISA or CRISC designation is considered an asset
Hybrid
We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.