Overview

IT Governance, Risk, and Compliance Manager Jobs in Toronto, Ontario at Fengate Asset Management

Title: IT Governance, Risk, and Compliance Manager

Company: Fengate Asset Management

Location: Toronto, Ontario

Description

This role offers an exciting opportunity to be responsible for the implementation and ongoing management of an ISO 27001 program and additional IT policies and procedures.

The IT Governance, Risk, and Compliance (GRC) Manager will be responsible for assessing, documenting, and strengthening the institution’s compliance and risk posture. This includes the planning and implementation of policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC manager will work closely with all areas of the organization, vendors, and the IT team to lead and manage the governance, risk and compliance related activities as described below.

Key Responsibilities

Assess and document the institution’s compliance and risk posture as they relate to its information assets and operating models across the business units.

Provide highly skilled, hands-on technical and information security expertise to enhance the development and implementation of the information security management (ISMS) program. The GRC Manager will be accountable for identifying, developing, and implementing the necessary controls to ensure the organization’s ISMS program remains robust and current for the firm.

Accountable to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.

Operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.

Operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates.

Set up a third-party vendor review process to ensure initial and ongoing compliance with our ISO 27001 standards.

Improve the organization’s security posture through continuous process improvement, policy automation, testing and monitoring.

Defines and documents business process responsibilities, ownership, exceptions and risks in a GRC tool.

Develops reporting metrics, dashboards, and evidence artifacts, illustrating the effectiveness of the controls implemented.

Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.

Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.

Assists other staff in the management and oversight of IT security program functions.

Remains current on best practices and technological advancements and acts as the organization’s technical resource for security assessment and ISO 27001 compliance.

Requirements

KEY QUALIFICATIONS

Minimum 7+ years of Information Security GRC related experience

Strong understanding of the ISO 27001 information security framework.

Demonstrated experience with Information Security Risk Management Programs, specifically helping to define an IS risk register which includes identifying threats and risks to the organization.

Skilled in identifying and measuring Key Performance Indicators and Key Risk Indicators.

Experience managing IT security programs in cloud-centric organizations.

Experience with key cloud providers and their respective IAM security products/solutions.

Excellent communication and relationship manag…
