Talent.com
Manager, Cyber Security Risk

Manager, Cyber Security Risk

Canadian Tire CorporationToronto, ON
9 days ago
Job type
  • Full-time
Job description

What you’ll do

Reporting to the AVP, Cyber Governance, Risk and Controls, the Manager, Cyber Security Risk will be responsible for leading and managing Cybersecurity Risk & Third-Party Risk services across the enterprise. This role will provide consistency across the cyber risk function and work with the business to design and deliver outcomes as securely as possible. They are a major point of interface with business leaders for cyber security and they will play a significant role in delivering key cyber risk messages to stakeholders.

Manage Cybersecurity Risk & Third-Party Risk services across the enterprise

Maintain and implement Cybersecurity Risk Frameworks

Lead teams performing the Cybersecurity Risk Management functions for Canadian Tire

Lead the risk assessment processes to perform third-party vendor assessments, project risk assessments, digital crown jewel assessments, and enterprise risk assessments of systems, applications, and business processes

Manage the Enterprise Risk Assessment processes to ensure risk transparency, risk treatment, issues management, and business acceptance and risk-based decision making

Manage the Third-party Risk Assessment process to ensure risk transparency and business acceptance, contractual obligations, and enable risk-based decision making

Develop and implement third-party risk management processes for ongoing vendor monitoring, reporting and remediation of third-party risks

Lead transformation squads specializing in maturing the cybersecurity risk practices for the organization

Direct the evolution of the Service Now GRC platform for risk and third-party risk

Report on cybersecurity risk to Enterprise Risk Management as well as Executive Management

Partner with key internal stakeholders to design and implement effective controls to mitigate risk

What you bring

The Manager, Cyber Security Risk will be an Agile and innovative individual, who is able to manage in an environment of change and ambiguity to help us take bold and strategic moves in this rapidly evolving retail environment. This individual will be a collaborative team players with superior influencing skills, who build relationships easily across various stakeholder groups to move initiatives forward.

University degree or College diploma in technology or business-related discipline

7+ years of related business experience within Cyber Security roles

Strong IT Security or IT Audit background

Direct experience with the NIST Cybersecurity Framework (CSF), ISO 27005 and IRAM

Experience in and strong knowledge of risk governance and compliance, security, and operations

Excellent relationship management, consulting, and problem-solving skills

Experience with assessing, designing, and implementing security programs or specific capabilities, including governance, security monitoring, and vulnerability management

Excellent communication skills with the ability to translate technical requirements for non-technical business partners and influence / persuade a different point of view

Ability to clearly and confidently communicate written and verbal recommendations, articulating risks and trade-offs

Experience partnering with and leading external vendors

Exceptional time management and self-management skills

Ability to travel as required to other office locations such as Toronto, Welland, and Calgary

CISSP, CISA or CRISC designation is considered an asset

Hybrid

We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.