Information Security & Compliance, Lead

Information Security & Compliance, Lead

At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.

Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical virtuosos, and high-performance application developers? We want to hear from you.
 

The Information Security & Compliance, Lead is responsible for the implementation, effective operation and management of the Information Security Management System at Interac. The Information Security & Compliance, Lead is a key resource to ensuring Interac Corp. “Security First” principles are embedded in all environments. The successful candidate will have knowledge of principles in cyber security policies and standards and industry best practices and a good understanding of cyber security aspects of the various technologies.

In addition, this job function plays a vital role in ensuring our organization's ability to meet the security requirements of federal government contract acting as the official point of contact with Public Services and Procurement Canada's Contract Security Program (CSP). This role will be responsible for maintaining our compliance and liaising with the relevant authorities.

You'll be responsible for:

• Managing the day-to-day operations of Interac’s Information System Management (ISMS) including providing support to the ISMS Steering Committee, and activities pertaining to the ongoing operational improvement of the ISMS.

• Creating, enhancing, maintaining, and ensuring compliance with cyber security framework and aligning Interac’s information security policies, standards, and processes with industry best practices, pertinent regulations and standards bodies. (ISO 27001, PCI DSS, CIS, NIST Series). Maintaining Interac’s ISO certification in accordance with ISO27001:2022. 

• Leading the Company Security Officer (CSO) role responsible for the Government of Canada Contract Security Program (CSP) and managing compliance requirements on all contract security matters. 

• Collaborating with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services. 

• Proactively contributing to security governance initiatives, providing technical and business advice, as well as insight on management processes. 

• Well versed with Governance Risk and Compliance security tooling capabilities (GRC Tool) for information security. 

• Reporting on and measuring the effectiveness of the technical controls and propose compensating controls accordingly

• Conducting risk assessments for both planned initiatives and unplanned instances to ensure that controls are implemented, and risk treatment plans are effective.

• Ensuring that residual risk and changes to ISMS scope’s technology, business objectives, processes, legal requirements and identified threats are incorporated into the ISMS. 

• Proactive management of Corrective Action Plans (CAP) at every monthly meeting – all action items, due dates must be adhered to, and this table will detail all audit findings, risks on the Risk Treatment Plan and information security improvement initiatives.

• Supporting key security related internal and external audits and serve as a key interface for security compliance related activities.

• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.

• Keeping abreast of the cybersecurity threats and trends and assessing their potential impact to Interac’s security posture.

You bring:

• Excellent knowledge Information Security with Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications CISSP, CISA, CRISC, CISM.

• 7+ years of experience working with or in Information Security, Information Security Governance, Security Risk Management in medium to large sized organizations. 

• Strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution.

• Experience implementing and operating an effective ISMS.

• Experience with Information Security practice and processes including threat and risk assessments. 

• Experience managing risk throughout the risk lifecycle.

• You are highly motivated, and results oriented with an ability to handle high pressure situations with key stakeholders.

• Strong service management and service delivery orientation.

• Excellent presentation and communication skills and an ability to present complex information in a manner suitable for technical and non-technical audiences.

• Expert experience with Cybersecurity Frameworks and industry standards: ISO 27001/2, PCI DSS, CIS, NIST 800 Series.

• Experience with Canada's Contract Security Program Requirements (CSP / CSM).

• Knowledge of the security of cloud environments, risk assessments, identity and access management.

• Excellent knowledge in several areas of information security (domain knowledge).

• Eligibility to work for Interac Corp. in Canada in a full-time capacity.

Interac requires employees to complete a background check that is completed by one of our service providers.  We use this service to complete the following checks:

• Canadian criminal record check;
• Public safety verification;
• Canadian ID cross-check;
• 5-year employment verification;
• Education verification; and
• If applicable, Credit Inquiry and Social Media Check

How we work
We know that exceptional people have great ideas and are passionate about their work.  Our culture encourages excellence and actively rewards contributions with:

Connection: You’re surrounded by talented people every day who are driven by their passion of a common goal.

Core Values:  They define us. Living them helps us be the best at what we do.

Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.

Education: To ensure you are the best at what you do we invest in you

Please be aware of certain individuals fraudulently using Interac Corp.’s name and logo to offer fictitious employment opportunities. Interac Corp. will never ask, solicit, nor accept any monies in exchange for employment opportunities. Any such offers of employment are fraudulent and invalid, and you are strongly advised to exercise great caution and disregard such offers and invitations.

Please note that under no circumstances shall Interac Corp. be held liable or responsible for any claims, losses, damages, expenses, or other inconveniences resulting from or in any way connected to the actions of individuals performing such fraud. Further, such fraudulent communication shall not be treated as any kind of offer or representation by Interac Corp. or its subsidiaries and affiliates.