
Global Manager, Security Risk and Compliance

Calgary, AB
Full Time
4 days ago
Company: Finning International Inc.

Number of Openings: 1

Worker Type: Permanent

Position Overview: Reporting directly to the Chief Information Security Officer, the Global Manager Security, Risk and Compliance will be responsible for managing the global IT Security, Risk, and Compliance program. This leadership role is responsible for designing, documenting, implementing and governing Information Security controls and IT compliance programs to meet corporate, legal and regulatory requirements. This role will also be accountable for strategically defining and leading the delivery of the Cyber Security Awareness program in multiple languages at Finning globally.

The Global Manager Security, Risk, and Compliance will be accountable for the development and continuous improvement of Finning's Information Services Management System (ISMS) based on industry frameworks such as ISO27001, NIST, and other applicable controls. This role requires a broad and in-depth understanding of technical and professional skills in many disciplines, including: IT Governance, Risk Management, Information Security and Identity Access Management, Security Operations, Security Architecture, Legal and Regulatory Compliance, Audit, Organizational Change Management, Communications, Learning and Development, Analytics, Vendor Management, Policy Management, Project Management, and Data Governance.

Job Description:
  • IT Governance (40%)
  • Indirect ownership of all global IT security policies.
  • Collaborate with key stakeholders to create, implement and govern the information security policies, standards, controls baseline and controls maturity model, ensuring corporate and regional regulatory compliance is regularly validated.
  • Strategically build and automate a global GRC solution to record applicable controls and to collect and manage required supporting artifacts.
  • Define and deliver appropriate GRC metrics to leadership.
  • Provide guidance on cyber requirements during vendor procurement through contract reviews.
  • Primary liaison for all external and internal audits, including reviewing requests, monitoring audit execution, and reviewing findings with IT Leadership. The audits may or may not be related to information security.
  • IT Risk (40%)
  • Develop and maintain the global Risk Management framework, process, and risk register monitoring solution.
  • Leadership of the Risk Management and Compliance assessment team performing risk assessments and compliance reviews, ensuring that on-premise information systems, cloud service providers and solutions are adequately protecting Finning's and our customers' information.
  • Assign risk weighting on policy exception requests and monitor risk treatment plans to closure.
  • Direct applicable maturity assessments towards obtaining ISO27001, 27701, CSOX and SOC2 Type II certifications.
  • Respond to customer information security and data protection questionnaires.
  • Security Awareness (15%)
  • Full accountability and program ownership for global cybersecurity awareness, including strategic program definition and execution, vendor/contractor procurement and team management.
  • Authority over all content created and presented, metrics collection, data analysis, and continuous program improvement.
  • Performance Management (5%) - Provide leadership to regional governance, risk, and compliance analysts. Oversee their goals, performance metrics, and career development.

Specific Skills:
  • Outstanding organizational and leadership skills
  • Proven ability to communicate with people at all levels - from analysts to executives
  • Robust capability of written and verbal communication skills - including the ability to effectively communicate security and risk-related concepts to technical and non-technical audiences with strong interpersonal and collaborative skills
  • Ability to exercise judgement in recognizing scope of work and protecting strategic and sensitive information
  • Strong skills as a negotiator, to facilitate commitment to, sign-off on, and appropriate documentation of levels of residual risk
  • High level of personal integrity, with the ability to handle confidential, legal, and other sensitive matters professionally and with the proper level of judgment and maturity
  • High degree of initiative, commitment, dependability, and ability to work with little to no supervision
  • Ability to establish and maintain harmonious working relationships with co-workers, staff, and external partners in all locations, and to work efficiently in a professional team environment
  • Ability to develop a comprehensive understanding of Finning's business, market, and industry, and to relate that knowledge to the weighting of business risk
  • Strong skills in presenting technical information to non-technical audiences
  • Proven competency of statistical data analysis
  • Ability to travel internationally periodically
  • Spanish is an asset, not mandatory

Knowledge:
  • In-depth knowledge of a broad range of standards and frameworks - for example, International Standards Organization (ISO 27000 series), NIST Cybersecurity Framework, IT Infrastructure Library (ITIL), Payment Card Industry - Data Security Standard (PCI DSS), Bill-198, Personal Information Protection and Electronic Documents Act (PIPEDA), General Data Protection Regulation (GDPR)
  • Understanding of organizational change management models such as PROSCI or ADKAR
  • Proven expertise on multiple security technologies including Email Management, Firewalls, Antivirus/EDR, Encryption, Proxy, Cloud Security, IoT, SIEM, IPS/IDS, DLP, MFA, etc.

  • Ten to twelve years of experience in IT management or related disciplines (for example, Security Operations, Risk, IT Governance, Audit, and Compliance, etc.).
  • Professional certification in Information Security, Risk Management or Auditing, or working towards one (such as CISSP, CISM, CISA, CRISC, CIPP, ISO27000 Lead Auditor, etc.)
  • Leadership or equivalent (GSLC), Certified Information Systems Security Professional (CISSP)
  • Optional, Obtained GIAC Security Essentials or equivalent (GSEC)
  • Optional, Obtained minimum Lean Six Sigma Green Belt Certification

We are committed to diversity at Finning, to building and sustaining a diverse and inclusive workforce, and as an equal opportunity employer we encourage applications from all qualified individuals. Finning does not discriminate against applicants based on genders, races, national and ethnic origins, religions, ages, sexual orientation, marital and family status, and/or mental or physical disabilities.
Information Technology