Sr. Manager, IT Security Policy Advisory

Company: CGL 
Department: IT
Employment Type: Regular Full-Time 
Work Model: Remote 
Language: English is required, French is an asset. 

The Opportunity:

We are a leading Canadian financial services co-operative committed to being a catalyst for a sustainable and resilient society and our team is essential to deliver on this strategy. That’s why we prioritize our people, to ensure we provide a strong culture and development opportunities which enables our team to thrive and to live our purpose. The best part is that you will work with people that care passionately about you, our clients, and our communities.

Our Information Technology team aspires to be a leader in applying technology to power business strategies. We connect concepts with solutions to create value and efficiencies for our clients, employees, and communities. Our success is driven by our skilled and diverse team who are passionate about excellence, innovation, and agility.

The Sr. Manager, IT Security Policy Advisory is responsible for leading a dynamic and high performing team accountable for creation, implementation, and management of our information security policies, standards, and guidelines. Additionally, the incumbent will be responsible for designing and managing an information security controls assurance program for The Co-operators group of companies, in line with regulatory/legislative requirements and industry best practices. 

How you will create impact:

• Provide leadership and direction to the Information Security Policy Advisory and Assurance team and foster a collaborative and high-performance culture, promoting continuous learning and professional development.
• Develop, update, and review information security policies, standards, and guidelines based on industry frameworks, best practices, and regulatory requirements.
• Communicate and present updates to security policies, standards, and guidelines to stakeholders.
• Offer expert advice to senior management on security policies, risk management, and governance strategies.
• Keep abreast of emerging threats and trends to maintain effective and relevant policies.
• Engage with external stakeholders, including regulatory bodies, to ensure adherence and foster partnerships.
• Maintain the organisation's information security controls library.
• Monitor controls design and operating effectiveness with business requirements, regulations, and industry standards (e.g., OSFI, ICFR, NIST CSF).
• Conduct risk assessments and tests to identify potential security issues, ensuring effective mitigation strategies.
• Collaborate with other departments to include controls in existing processes and systems.
• Prepare assurance reports for senior management and stakeholders.
• Manage assurance-related issues, and support remediation efforts.

How you will succeed:

• You have an innovative mindset to improve operational efficiencies and ability to influence change, with a primary focus on client needs.
• You use critical thinking skills to recognize assumptions, evaluate arguments, draw conclusions and proactively propose solutions.
• You have strong communications skills to clearly convey messages and explore diverse points of view.
• You build trusting relationships and provide guidance to support the development of colleagues.

To join our team:

• Bachelor’s degree in information technology, Cybersecurity, or a related field.
• 10+ years of experience in information security, specifically in governance and compliance.
• Comprehensive knowledge of information security frameworks and standards (e.g., ISO 27001, NIST CSF, COBIT, PCI DSS, CIS).
• Highly desirable certifications include CISSP, CISM, CRISC, CISA.
• Experience in developing and documenting information security policies, standards, and designing and leading security assurance programs in medium to large organisations.
• Proven ability to drive adherence with standards and controls.
• Expertise in risk assessment and management methodologies.
• Strong communication skills, suitable for conveying complex information to both technical and non-technical audiences.
• Excellent analytical and problem-solving skills.
• Ability to work well within a team-oriented environment.
• Strong project management skills with the capability to manage multiple priorities.

What you need to know:

• Detail oriented work that requires a high degree of mental concentration for extended periods of time.
• You will be subject to a Background check as a condition of employment, in the event you are the successful candidate.

What’s in it for you?

• Training and development opportunities to grow your career.
• Flexible work options and paid time off to support your personal and family needs.
• A holistic approach to your well-being, with physical and mental health programs and a supportive workplace culture.
• Paid volunteer days to give back to your community.
• In addition to our competitive salary and incentive programs, eligible employees also benefit from a comprehensive total rewards package including group retirement savings plans, pension and benefits (e.g., health and wellness, dental, disability and life coverage), mental health support and an employee assistance program.