Cybersecurity GRC Director
Job description
We are seeking a strategic and visionary leader to join our organization as the Director of Governance, Risks, and Compliance (GRC). You will report directly to the Senior Vice President Cybersecurity & Infrastructure. You will act as the global lead and subject matter expert for Governance, Risks, and Compliance strategy and oversee the GRC policy for the whole group. You will act as an expert in GRC strategies, building and managing a global team of GRC specialists and contributing to the identification, development, implementation, maintenance and oversight of information security policies, procedures, and processes across the organization, in order to reduce risk, minimize the impact of incidents, and limit exposure to liability in all areas of financial, physical and personal risk.
You will lead the definition and the implementation of the corporate information security strategy aligned with the Group strategic vision and plan.
You will manage a team of experts responsible for the three following topics:

Governance:
- Define the policies, procedures, standards and processes to implement the security strategy across the organization and entities of the Group, and ensure ongoing maintenance and audit of information security;
- Define a security control framework and audit requirements to monitor the effectiveness of the security policies, procedures and management framework;
- Define the framework to assess third party risk management (TPRM) and coordinate its execution;
- Provide safeguard recommendations and assist the Group's business and support functions with the implementation of the recommendations stemming from security risk assessments;
- Ensure that operational recommendations are followed by the risk owners, in collaboration with the Enterprise Risk Management group, and assist in planning and sponsoring the security awareness program to support continuous training on security-related topics.

Risks:
- Conduct information security risk assessments, based on a framework that specifies how to define, identify and classify critical assets and how to assess threats and vulnerabilities to those assets across the organization, so that key risk issues are understood, communicated, and tracked in appropriate risk registers;
- Promote and facilitate cybersecurity feedback and post-mortem analysis to identify gaps and drive continuous improvement;
- Define information security key performance indicators to be reported to executive management through dashboards built for that purpose;
- Drive a continuous improvement approach to industrialize the capture of risk information for consolidation, centralization and decision-making, streamlined across the organization.

Compliance:
- Coordinate security-related processes and ensure compliance with frameworks such as NIST CSF, NIST 800-171 and ISO 27001, encompassing physical protection, premises access, asset protection and digital security;
- Provide support and collaborative effort on privacy-related compliance regulations (e.g. GDPR, Data Sovereignty Act, PIPEDA, CCPA);
- Continuously optimize the process for tracking, following up and remediating audit findings from the various audit reports;
- Represent Information Security in working groups for various projects or initiatives to ensure that information security requirements and frameworks are communicated and respected.

The role - Your daily activities will be interesting, stimulating and varied... No two days are alike!
Requirements
- Experience in using frameworks like NIST CSF, NIST 800-53, ISO 27002 and ISO 27005
- Minimum 5 years managing a GRC cybersecurity team
- Minimum 10 years in cybersecurity working in the GRC field in matrixed international organizations
- Strong experience in information security governance, consultative stakeholder management, and strategic planning, as well as a deep understanding of information security frameworks, processes and best practices
- Knowledge of technological trends and developments in area of information security and risk management
- Soft skills
- Fluent in English, fluent in French, oral and written, with impeccable Executive presentation
- Strong presentation skills
- Excellent interpersonal skills - able to act as a leader and manage a team, but also to act as a team player promoting the value of security with internal and external senior executives.
- Capable of efficiently managing both direct and indirect employees.
- Strong communication and facilitation skills, with a clear ability to build strong relationships with stakeholders at all levels and explain complex matters in understandable form to general business professionals.
- Proven problem-solving skills and the ability to identify, analyze, and resolve issues, driving solutions through to completion.
- Strong work ethic, professional integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgement and maturity.
- Proactive, hardworking, team player and results oriented.
Benefits & conditions
The team - Our dynamic, multidisciplinary, open-minded and talented team is eager to welcome additional skills to continue to meet the challenge.
75% reimbursement of your monthly or annual transport pass.
Swile Ticket restaurant card
Gym exclusively reserved for the company and made available to employees free of charge.
Sustainable mobility package
Health insurance & Welfare
Employee Savings Plan & Profit Sharing Bonus.