Director Information & Cyber Security, Risk & Control, and Privacy
Mississauga ON Canada
Full-time position
Job Description
- Close to or more than 12 years of industry experience working with a financial institution in the same or a similar role
- Expert in Information Security, with at least one of these certifications (CISM, CISA, CISSP, CCSP), CISM preferred
- Experience with CSAE 3416 SOC 1 and SOC 2 audit controls assessment process
- Expert knowledge of Governance, Risk and Control (GRC) practices
- Expert knowledge of PIPEDA, GDPR and other privacy regulations that apply to financial services
- Excellent interpersonal, oral and written communication skills
- Sound understanding of network and cybersecurity defense mechanisms
- Superior analytical skills; ability to frame key analysis required to address critical business issues
- Ability to establish conducive working relationships with stakeholders across the organization
- Team-oriented, collaborative and flexible
- Ability to address and deliver against multiple and competing deadlines
- Decisive, positive, get-things-done attitude
Information and Cyber Security:-
Responsibilities:
- Communicate security requirements as subject matter expert
- Strong knowledge of and experience with Cyber and Information Security technologies, in order to recommend tools that support requirements and continuous improvement
- Continually assess and align LTIMindtree Canada’s security processes and procedures with the Global Corporate Information Security Manual (CISM)
- Ensure that physical and logical access controls are appropriate for external audit compliance
- Create and maintain security process documentation
- Own the vulnerability management process and track remediation activities for all identified vulnerabilities to closure
- Own the Security Incident Response process and manage the resolution of all confirmed security incidents through to closure
- Provide timely responses to client security questionnaires and RFIs
- Chair monthly cybersecurity dashboard meeting and prepare a monthly Cyber and Information Security metrics presentation for clients
- Prepare and drive to completion annual employee entitlement reviews
- Subscribe to and assess threat intelligence alerts for applicability to the organization
- Document and communicate the standard for third-party vendor due diligence security requirements
Risk and Control:-
Responsibilities:
- Strong understanding of risk management methodologies
- Ability to assess risks posed by various security vulnerabilities
- Lead the organization through annual CSAE 3416 SOC 1 and SOC 2 application audits
- Own and maintain Business Continuity Plan
- Maintain the enterprise risk management framework to identify, assess and track Enterprise Risks
- Schedule, track and report application and infrastructure Vulnerability Assessments and Penetration Testing (VAPT) results
- Schedule and manage to completion annual cybersecurity awareness training
- Communicate and maintain security process standards documentation
- Roll out new or refined process requirements to support continuous improvements pertaining to risk management
Privacy:-
Responsibilities:
- Serve as Privacy Officer and respond to any privacy concerns / questions raised by staff and clients
- Maintain the privacy policy to ensure compliance with regulatory changes. Complete compliance gap analysis reports as required
- Serve as subject matter expert on privacy regulations
- Review data leak reports to ensure that there are no privacy breaches