Director of Risk and Compliance
Location TORONTO , Ontario
Job Opened July 30th, 2020
Education Bachelor's Degree
Job Number 200002DN
Job Type Full-Time
The Director of Risk & Compliance is responsible for implementing and overseeing the integrated Risk & Compliance Programs, which involves socializing Risk Management principles across the company to promote awareness and effective management of IT risks, issues, and
opportunities. The Director will partner with cross functional business and technology owners to promote risk-informed decision-making, effective risk mitigation, accountability, and compliance with laws, regulations and policies. She/he will proactively share knowledge of technology risks and opportunities to improve efficiency and effectiveness of the Information Security and Cyber
Resiliency. She/he will partner with business & IT leadership and other key stakeholders to define opportunities and prioritize Information Risk Management requests and projects.
Essential Job Functions:
- Develop, implement and/or maintain strategic Risk & Compliance Programs, including but not limited to:
- Issue Management
- Vendor Risk Management
- Vulnerability Management
- PCI Compliance (Level 1 Merchant)
- IS Training and Awareness
- Lead the implementation of the company's GRC platform to find efficiencies and automate risk management processes.
- Mature the Information Risk Management Dashboard to better measure and report on the effectiveness of controls focusing on KRI/KPI
- Partner with Internal Audit to support the company's IT General Controls governance
- Conduct Ongoing Risk and Compliance assessments and monitoring of processes and procedures to ensure that the company complies with all relevant laws, regulations and policies.
- Partner with the Enterprise Security Architect to maintain the company's Information Security Polity and Standards.
- Coordinate responses to RFIs and security related questionnaires.
- Manage and mentor a team of 7 on-shore and off-shore Risk & Compliance associates.
5 to 10 years of Risk & Compliance leadership experience in a demanding and dynamic environment, including experience in establishing strategy and implementation of Risk & Compliance Programs in a Hybrid Cloud model.
At least 3 years of experience with managing teams with responsible including strategic planning and managing project portfolios.
More than 10 total years of relevant work experience, including consulting and general industry experience.
An understanding of how business strategy, risk, regulation and technical constraints influence organizational responses to cyber security.
An understanding of security methodologies, best practice and industry standards experience in risk & regulatory frameworks and standards such as NIST 800, ISO 27001, ISF SOGP, PCI-DSS, SOX, GDPR, CCPA and HIPAA.
Excellent knowledge of cloud technology and information security technologies, such as firewalls, intrusion detection systems (IDS), data leakage protection (DLP), access management, anti-malware, and SIEM technologies.
A sound understanding of how to model threats & risks as well as the controls necessary to mitigate them, on both an organizational and technical level.
Excellent written/verbal communication skills. Communicate, evangelize and promote Information Security at all levels (both technical and non-technical stakeholders)
Demonstrate skills in ability to successfully navigate within varying degrees of ambiguity in a fast-paced environment.
Performance and goal driven Continuous improvement orientation
Your Life and Career at HBC:
A culture that promotes a healthy, fulfilling work/life balance
Benefits package for all eligible full-time employees (including medical, vision and dental).
An amazing employee discount
Thank you for your interest with HBC. We look forward to reviewing your application.
HBC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, HBC complies with applicable state and local laws governing non discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence,compensation and training.
HBC welcomes all applicants for this position. Should you be individually selected to participate in an assessment or selection process, accommodations are available upon request in relation to the materials or processes to be used.