Senior Information Security Specialist, Governance and Compliance
What you'll do
Reporting to the AVP, Cyber Governance Risk and Compliance, the Senior Information Security Specialist, Governance and Compliance will lead the charge in maintaining cyber security policies and standards, responding to regulator and auditor inquiries, and providing an advisory function to the business surrounding cyber security governance.
Provide senior level advisory services to cybersecurity, technology teams, and business team members, as required
Maintain cyber security policies and standards
Respond to external inquires regarding cyber security (e.g. ESG, regulators, etc.)
Analyze and assess cyber security related business scenarios and prepares/presents position papers providing risk-based recommendations to assist the leadership team in making informed decisions
Oversee and provide guidance on the cyber security configuration compliance management program for both on prem and cloud environments
Oversee and provide guidance on the cyber security vulnerability, configuration & patch remediation management programs
Oversee and provide guidance on the Cloud security compliance management program
Design and perform annual reviews of configuration benchmarks for teams to follow for new and existing systems
Manage the cyber security policy exemption management processes by assessing policy exception requests, maintaining the exception workflows, and updating and keeping current the exception database
Keep current with ongoing trends and changes within the cyber security community
What you bring
University degree preferably in an IT related discipline
CISSP, and/or CISM, and/or CISA, and/or CRISC designations would be an asset
8-10+ years experience in information security, and/or IT Audit/Compliance, and/or external audit
Strong understanding of IT, cloud and cyber security concepts and best practices
Understands cyber security risks and control frameworks including NIST CSF, CIS, COBIT 5, and ISO 270001
Experience with security assessment tools such as Tripwire, Nexpose, MS Defender, McAfee EPO, Kenna, etc.
Understanding of Agile concepts and practices
Ability to communicate and influence effectively at all levels from technical staff to company leadership team
Proven ability to weigh business needs with information security priorities and make sound risk-based judgement calls
Experienced with analyzing and assessing cyber security related business scenarios, performing risk assessments, and preparing position papers outlining sound, risk-based recommendations
Experienced with analyzing and assessing cyber security policy exception requests and providing risk-based recommendations
Experience overseeing cyber security configuration compliance programs
Experience overseeing cyber security vulnerability & patch management programs
Experience overseeing Cloud security compliance management programs
Experience with developing security baselines based on industry accepted CIS benchmark, MS Azure security benchmark, PCI DSS benchmark, etc and conduct regular reviews to update existing custom baselines
Experience with Microsoft Azure Portal/Security Center to monitor and manage vulnerabilities, security policy compliance and all outstanding Microsoft recommendations
Familiar with KQL (Kusto query language) to develop scripts to query Microsoft Azure policy database to report compliance status
Technical knowledge including Linux, Windows, AIX, databases, network and security appliances and firewalls/IDS/IPS, web and cloud-based applications, secure coding practices, and cloud security
Highly proficient with MS Office suite of products
Hybrid
We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.
About Us
Canadian Tire Corporation, Limited ("CTC") is one of Canada's most admired and trusted companies. With more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies where career opportunities are wide-ranging! Join us, where there's a place for you here.
Our Commitment to Diversity, Inclusion and Belonging
We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better.
Accommodations
We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.