Information Security Compliance Officer Jobs

5+ years of experience working with applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations

Demonstrated project management, organizational, and facilitation skills.

5+ years of experience in Information systems auditing, monitoring, controlling, and assessment process

CISSP, CISM, CISA, ITIL, or GIAC certifications desired.

Map and maintain common controls framework and control scope/applicability for a portfolio of compliance initiatives and information security policies.

Provides dashboards and reports based on regular assessments and testing of the effectiveness and efficiency of controls.

Good interpersonal, leadership and relationship-building skills to deal with senior levels of management, service providers and local and remote business partners

10+ years of experience working in information security controls, information technology audit, or security risk management.

Deep technical knowledge with Cloud Computing Environments, Cloud technology management and procedures, supporting application systems and base infrastructure platforms

Establish and lead all aspects of department procedures, documentation, and training to align with records management policies

Establish and develop GDT's compliance & risk management practices

Collaborate on Global G&C and 2nd line Risk Management partners on key initiatives

• Bachelor's degree and accredited compliance management certification.

• 5 years in Information Security, Cybersecurity, Information Assurance, Risk Management, or equivalent work experience

• Communicating compliance policies and guidelines to Management and designated departments.

• In-depth knowledge of industry compliance requirements and standards.

• Proficiency in compliance management software, like Paradigm 3 and Intellect Compliance.

• Information Security Management Systems (ISO 27001 preferred)

Experienced in developing excellent supply chain management practices

Significant experience of an Information Security function in a Financial Services context

Good knowledge of the practical implementation of information security and risk frameworks such as ISO27001, NIST 800-53 and COBIT

Good knowledge of auditing frameworks such as ISAE3402 and SOC2

Highly experienced in managing client and regulator relationships

Exceptional ability to manage internal stakeholders through a journey of improving information security maturity

Proven experience in security compliance, risk management, and personnel management within a corporate or organizational setting.

Experience in managing and coordinating security personnel, including training, scheduling, and performance management.

Maintain records and documentation related to security compliance activities, personnel management, incident reports, and audit findings.

Familiarity with security controls, vulnerability management, incident response, and security awareness programs.

Conduct regular security risk assessments to identify potential threats and vulnerabilities across the organization's infrastructure, systems, processes, and physical premises.

Manage security vendor relationships, including contract negotiation, performance monitoring, and compliance oversight, as applicable.

Proven experience in relationship and stakeholder management.

Assesses security infrastructure, cloud environments, including access management, firewall protection, and vulnerability assessment and testing and makes recommendations for improvement.

Provides reports to executive management and other stakeholders on IT and security matters,

Coaches and develops team members on risk management.

Post-secondary education in IT or a suitable combination of education and experience.

Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.

Proven experience in planning, organizing, and developing IT security and facility security system technologies.

Experience in planning and executing security policies and standards development.

Excellent business and technological acumen, leadership style, and organizational skills suited to an environment where multiple projects are run concurrently.

Excellent communications and interpersonal skills.

Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.

University degree or college diploma in Computer Science, Computer Engineering, or a related IT discipline.

- Experience working within risk management and audit

- 3-5+ years of experience working within a technical security background

- Strong communication skills and has the ability to work cross-functionally

- Knowledge of security cloud-based environments such as AWS and Microsoft Azure

- Has worked within compliance previously and understands the foundations of security

- Completed documentation regarding security compliance and protocols

Experience relevant to information security systems and implementation and the demonstrated ability to learn technically complex environments.

Demonstrated solid communication (verbal and written), negotiation and presentation skills.

Experience in a complex, multi-platform IT environment.

Demonstrated leadership and advocacy skills.

Experience involving engagements with senior leaders and decision-makers.

Experience in a post­secondary or public-sector environment.

Demonstrated experience in large-scale incident management.

Develop vulnerability management standards, KPIs, and vulnerability/risk visibility within the organization, coordinating with CISO on institutional efforts.

Manage strategic coordination of incident response efforts for major incidents, including coordination of all operational teams across the university units.

Experience relevant to information security systems and implementation and the demonstrated ability to learn technically complex environments.

Demonstrated solid communication (verbal and written), negotiation and presentation skills.

Experience in a complex, multi-platform IT environment.

Manage day-to-day compliance activities for the IPC

Professional with a minimum of 3-5 years of relevant experience including a position in a financial institution(s), consulting agency

Good knowledge or understanding of Information Security regulations, frameworks and leading practices (such as NIST, ISO, COBIT, SANS, etc.)

Strong technical skills in supporting IAM applications in Windows, Mac OS X & Linux environments

Align IPC practices to IBM Security & Compliance regime

Periodically conducts risk assessments and tests data processing systems

Experience with IT governance, risk, and compliance management.

Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).

Knowledge of risk management processes.

Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.

Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.

Significant knowledge of and experience with legal and regulatory compliance standards ISO 27001, GDPR, and PIPEDA.

Define, partner and lead a 24x7 incident management practice and resolution as required including identify and deliver areas of improvement

Lead incident management and resolution as required including identify and deliver areas of improvement.

Knowledge of regulatory requirements such as PCI DSS, SOC 2, and GDPR

Manage the Company's Security Team in Order to:

Ensure compliance with regulatory requirements and industry standards (e.g. PCI DSS, SOC 2, GDPR) and ongoing security assessments

Review and manage security incidents, investigations, and remediation activities and come up with plans for remediation

• Strong leadership, negotiation, and conflict management skills

• Maintain organizations Security Risk Register for effective risk management and operational compliance functions.

• Manage the Security organization, hiring, managing and staffing requirements in line with project objectives

o Security Incident and Event Management (SIEM)

o Privileged Access Management (PAM)

CERTIFICATIONS, LICENSES, REGISTRATIONS, SPECIAL SKILLS

Experience performing risk assessment and management, developing mitigation strategies.

Experience working in the telecommunications industry, with knowledge of network security and operations

Maintain the organizations compliance with the security requirements of Bell customers Contract Security Program.

Develop and implement safeguards and metrics in collaboration with operational and business teams to support client security requirements.

Review and maintain IT system security controls to ensure compliance with industry standards, contract requirements and clauses.

Experience in information security and an understanding of the concepts and principles of information handling and protection.

Demonstrated organizational, project management and documentation skills

Prepare metrics and reports for management on the status of GRC objectives

Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.

Experience in a remote-first and distributed environment

Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested

Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

Technical understanding of Identity and Access Management, Endpoint Security, Network Security, and Vulnerability Management.

Develops an understanding of client requirements and uses a logical thought process to develop cutting-edge solutions.

CISA, CISM, CRISC or equivalent certification preferred

Working knowledge of SOC and HIPPA objectives and deliverables

Experience evaluating and defining privacy controls within software applications with respect to GDPR, CCPA, and other emerging state regulations

Requires solid knowledge of laws and regulations relating to information security within both the Banking and Healthcare industries.

- 3+ years of experience in a Compliance/Security Analyst role

- 3+ years of experience working at a large organization, ideally within the Consulting or Banking space

- Experience with AWS Cloud Services, AWS Security Hub, CyberArk, or Wiz

- Experience gathering key performance indicators (KPIs) and key risk indicators (KRIs) to generate reports to illustrate

- Strong knowledge of O365

- Provide periodic feedback as the new cloud services are added for use in BMO