Manager, Security Governance, Risk and Compliance - Jobs in Greater Toronto Area, ON

Job Description

Overview:KUBRA is seeking a Manager, Security Risk Management and Compliance to lead our Compliance team!As the Manager, Security Governance, Risk and Compliance, you will provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. This will be done through contibuting subject-matter expertise and leadership to support the implementation of security controls, risk assessment framework, and programs that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances KUBRA’s business objectives.What you get to do every day:

• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data, and ensure information security and compliance with relevant legislation and legal interpretation.
• Define and document business process responsibilities and ownership of the controls.
• Schedules regular assessments and testing of effectiveness and efficiency of controls and create GRC reports
• Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
• Lead the development and implementation of the organization-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the Companys information and technology systems.
• Lead the organization-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Assist in the develop and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation and alignment with business objectives.
• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes from customers and external auditors relating to effective security & privacy practices, PCI-DSS, ISO 27001/2, SOC 1/2, SOX etc.
• Interacts in both oral and written communications with all levels of Company staff including; IT, HR, engineering, senior leadership, general counsel, auditors, customers, and technology vendors and contractors, in matters related to information security.
• Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.
• Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes.
• Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation, and advocacy on audit responses.

What kind of person should you be:

• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff.
• Successful track record of effective project coordination, prioritization, collaboration, organization, and timely project delivery
• Time tested ‘people management’ skills, with an ability to apply critical thinking and proactive demonstration of solutions while dealing with day-to-day problem solving.
• You are proactive and remain informed on evolving industry standards and practices, toward an ability to show forward thinking with new and innovative approaches to security while meeting overarching business objectives
• Ability to manage/oversee both internal and/or external resources, while also being able to nurture talent within assigned team.

What skills do you need:

• A degree in Information Technology, Computer Science or related field.
• 10+ years of relevant GRC experience
• 5+ years of experience managing security teams
• Extensive experience in security and privacy standards, regulations, and laws e.g., PCIDSS, SOC 1/2, ISO 27001/2, GDPR, PIPEDA, CCPA etc
• Extensive experience in IT risk management practices with a focus on security, performance, and reliability
• Knowledge or experience of application and network-based penetration testing tools and methodologies
• Good understanding of current legislation and regulations pertaining to IT security
• Required certifications include: CISM, PCIP, CISA, CISSP

What can you expect from us:

• Award-winning culture that fosters growth, diversity and inclusion for all
• Paid day off for your birthday
• Access to LinkedIn learning courses
• Continued education with our education reimbursement program
• Flexible schedules
• Two paid days for volunteer opportunities

KUBRA is a fast-growing company that delivers customer communications solutions to some of the largest utility, insurance, and government entities across North America. KUBRA offers billing and payments, mapping, mobile apps, proactive communications, and artificial intelligence solutions for customers. With more than 1.5 billion customer interactions annually, KUBRA services reach over 40% of households in the U.S. and Canada. KUBRA is an operating subsidiary of Hearst.Our office is small enough to allow creative individuals to flourish, yet large enough to provide long-term stability. We place a tremendous amount of responsibility on our team members to be productive, focused and self-motivated. We offer a casual work environment, competitive compensation and a stellar benefits program.KUBRA is an equal opportunity employer dedicated to building an inclusive and diverse workforce. We will provide accommodations during the recruitment process upon request. Information received relating to accommodation will be addressed confidentially. We thank all applicants for their interest; however, only candidates under consideration will be contacted.Quick Apply

• Terms & Conditions
• New Privacy
• Privacy Center
• Accessibility

For Job Seekers

• Browse Jobs
• Advanced Job Search
• Emplois Quebec

For Employers

• Post a Job
• SimplyHired OnDemand

Stay Connected