Information Technology IT COMPLIANCE Manager

  • Category
    Information Technology - Security
  • Job type
    Direct Hire
  • Location
    Ottawa, Ontario

PERMANENT OPPORTUNITY Information Technology (IT) Compliance Manager. Reporting to the Chief Information Security Officer and Director, Information Technology, the successful candidate will take a lead role in IT Governance, IT Compliance Management, IT Risk Management, Data Privacy and Training and Awareness, and will ensure that the organization establishes the appropriate policies and procedures to support its compliance and risk management efforts. Flexibility to shift hours will be required to provide response to critical issues and events that occur outside of normal work hours. Essential functions: IT Governance Develops, updates, reviews, implements, maintains and enforces security policies, procedures and standards; Ensures that policies meet ISO27002, PCIDSS and other compliance regulations that the organization must adhere to; Aligns security procedures and standards with industry best practices such as NIST and CIS; Stays uptodate and informed on developing regulatory concerns and changing IT and information security trends; and Interfaces with IT and business partners to provide guidance and support. IT Compliance Management Performs security and compliance assessments on new and existing systems, processes, technology; Supports internal and external audit processes for relevant compliance concerns including PCIDSS, ISO27001, GDPR; Works with various business units to ensure controls are adequate, appropriate and effective; Performs periodic gap assessments to validate compliance on an ongoing basis; Participates in disaster recovery and business continuity planning; and Develops methodologies to audit, benchmark and report compliant status. IT Risk Management Performs periodic security assessments on new and existing systems, processes, and technology; Supports vendor duediligence processes and helps to lead and define overall thirdparty risk management efforts; Performs business impact analysis and assists with development IT Risk Register; Maintains, updates the IT Risk Register and coordinates remediation with risk owners; Manages the organizations Data Governance Lifecycle (discover, remediation, asset registry, data flow mapping); Performs Privacy Impact Assessments (PIA) for new and existing projects\systems; and Supports the organizations vendor management processes by performing Vendor/3rd Party Risk Assessments. Data Privacy Performs Privacy Impact Assessments (PIA) for new and existing projects\systems; Leads data privacy projects and efforts such as but not limited to Data Discovery, Data Flow Mapping, Data Classification, Data Retention, Data Privacy Risk Assessments, etc.; Ensures compliance with data privacy laws and regulations; Coordinates with Legal on Data Privacy incidents, issues and concerns; and Keeps abreast with Data Privacy technologies, trends and best practices. Training and Awareness Develops and implements innovative training solutions, i.e. cyber security and data privacy awareness programs for all employees and contractors; and Tracks and monitors training and awareness participation. The successful candidate will have a business acumen partnered with a dedication to validating compliance. He/she will have a strong work ethic with attention to detail, and an analytical mind that is able to see the intricacies of procedures and regulations. The successful candidate will be able to conduct compliance risk assessment training workshops. He/she will be able to conduct internal reviews and audits; the successful candidate will be able to develop risk management strategies. The successful candidate must have strong team orientation. He/she will be able to work independently and provide timely follow through on projects. The successful candidate must be able to prioritize and manage multiple tasks efficiently and excel in a fast paced and rapidly changing environment. He/she must have superior coordination and time management skills. He/she must have solid negotiation skills and the ability to communicate with all levels of personnel. These abilities, as well as a professional, positive attitude will ensure success in building positive working relationships in a team environment. Qualifications for this position include: Completion of a threeyear diploma/degree in a relevant field of study that may include, but is not limited to Information Technology, Information Systems, or Engineering; Possession of a CISSP certificate or obtain within twelve (12) months from hiring date; Significant experience with legal and regulatory compliance standards such as PCIDSS, GDPR, ISO27001, etc.; Experience with IT GRC/IRM platforms and various risk methodologies; Experience with IT governance, risk, and compliance management; and Excellent communication and written skills in English. The following will be considered as assets: GIAC Certifications, IT Security Certifications; Strong understanding of fundamental information security concepts and technology; Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework; and Bilingualism (English and French).
Candidates must be in possession of a Class G drivers' license (province of Ontario or Qubec equivalent) along with a driver's abstract (issued within the last month) and must be in possession of or be able to obtain a security clearance for an Airport Restricted Area Identification Card (RAIC).
613-599-3151 Ext 231

  • Apply with Adecco

Reference number CA_EN_1_021956_12253650

Accommodation will be provided in all parts of the hiring process as required under Adecco’s Employment Accommodation policy. Applicants will need to make their needs known in advance to their Adecco representative.

Someone from Adecco/Roevin just contacted me, how do I tell if it’s legit or a scam? Here's how to protect yourself →