About the role
Reporting to the Senior Manager, IAM & GRC, the Manager – IT Governance, Risk and Compliance plays a key role in ensuring information security and compliance at 407 ETR by owning the internal and external audit program, the vendor due diligence program, and the security risk management program. In collaboration with relevant stakeholders, they develop, maintain and update all IT security policies and control processes within 407 ETR. The incumbent is an experienced professional with expertise in, and a passion for, leading and improving organizational processes that ensure compliance and risk management. The Manager will need to balance information security risk and compliance requirements with business enablement.
Responsibilities
- Drive change and leadership best practices. Draws upon and supports corporate programs to bring consistency to our people strategy. Provides input and direction on future talent programs. Supports Diversity Equity and Inclusion while establishing trust and transparency in a safe and productive work environment.
- Monitor changes or advancements in emerging technologies to gain competitive advantage within information security and risk management.
- Work with IT and the business to assess, design and implement sustainable security solutions, operating processes and people models to address key and evolving security risks.
- Work closely with business units to achieve compliance with requirements and to address related questions and issues.
- Ensure standards, processes, procedures, and associated metrics are documented and met.
- Consult with Application Security and with Risk and Controls (access controls, process controls).
- Facilitate, prepare for and support internal and third-party audits.
- Conduct risk assessments.
- Conduct tabletop exercises and work with incident response plans and procedures.
- Assist with Disaster Recovery and Business Continuity planning initiatives.
- Perform assessments and associated remediation activities to ensure systems and controls are configured in accordance with established policy, best practice guidelines and designated compliance frameworks.
Risk Management:
- Develop and improve information risk management strategies and processes.
- Manage and perform risk assessment initiatives and maintain the risk register.
- Enact risk rationalization, and implement mitigation strategies and monitoring across IT.
- Maintain information risk tolerance threshold metrics and provide guidelines on ensuring information risk exposure is within tolerance limits.
- Identify and communicate issues and risks and work with cross-functional teams to establish risk mitigation strategies where applicable.
Compliance:
- Ensure compliance across programs and initiatives with applicable legislation, regulation and industry standards, e.g. PCI DSS.
- Perform assessments of technology solutions, third parties, etc., ensuring compliance to the defined security policies, standards and procedures.
Governance:
- Assist in the development and maintenance of 407 ETR security policies, procedures and related documents.
- Work on governance frameworks, and work with IT Leadership to scale up and improve governance methodology and reporting.
- Oversee information security governance related initiatives.
- Assist in the development and maintenance of a Data Governance program, including integration, classification, storage and quality management.
Qualifications
- Minimum of 7 years of IT security, information risk management or related work experience.
- College Diploma or University Degree in Computer Engineering, Computer Science, or Audit preferred.
- Intermediate to strong working knowledge of Microsoft 365 (O365) and AWS.
- Experience with GRC programs and tooling.
- One or more of the following or related certifications preferred:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified Information Systems Security Professional (CISSP)
- Experience with the following IT security frameworks required: Payment Card Industry Data Security Standard (PCI DSS), ISO 27001 / 27002, Control Objectives for Information and Related Technologies (COBIT); experience with the NIST Cybersecurity Framework preferred.
- Familiarity with Agile methodologies such as Lean, Scrum and Kanban preferred.
- Demonstrated ability to work with internal stakeholders and external vendors.
407 ETR's Information Technology division is responsible for the infrastructure and software to enable the efficient operation of the highway---including toll capture, account management, financials, and data storage/analytics---as well as customer services including call-center, web, IVR and supporting workflows.
About 407 ETR
Highway 407 ETR is an all-electronic open-access toll highway located in the Greater Toronto Area in Ontario, Canada. The highway spans 108 kilometres from Burlington in the west to Pickering in the east.
407 International Inc. is the sole shareholder of 407 ETR and is owned by:
- Cintra Global S.E. which is a wholly owned subsidiary of Ferrovial S.A. (48.29%);
- Canada Pension Plan Investment Board (CPP Investments) and other institutional investors (44.20%); and
- Public Sector Pension Investment Board (PSP Investments) (7.51%)
Note: At 407 ETR, we are committed to fostering a diverse, equitable, and inclusive work environment. We value the unique perspectives and backgrounds of all individuals, and we firmly believe that our individual differences make us stronger as a whole. Our commitment to inclusion extends beyond recruitment and encompasses an inclusive workplace culture through raising awareness, ongoing training, and encouraging feedback. We aim to create a safe and supportive environment where all employees can thrive. Accommodation for disabilities or other grounds protected by human rights legislation is available upon request for candidates taking part in all aspects of the employment selection process.
About 407 ETR Concession Company
407 ETR is the world’s first all-electronic, barrier-free toll highway, stretching 108 km from Burlington (in the west) to Pickering (in the east).
Save Time: Taking 407 ETR across the GTA means avoiding congestion. Transit providers and businesses rely on 407 ETR to move people and goods quickly across the region.
Safety is our priority: With 24/7 Highway Safety Patrols and Highway Monitoring, we do our best to ensure that help is never far away if you need it. Our partnership with the Ontario Provincial Police helps keep traffic moving safely.
Customer Experience: We're focused on serving you well, both on and off the road. Discovering the latest promotions and offers or planning the cost of an upcoming trip with the toll calculator are just a few reasons to add www.407etr.com to your favourites, and you can visit on any device. Log into your web account (or sign up in minutes) for a one-stop shop of helpful account options, such as switching to paperless billing or pre-authorized billing, viewing past bills, or paying your current bill.
Caring for your car: Driving at a safe and consistent speed on an excellent and well-maintained highway helps to keep your car efficient and gives you better fuel economy, saving you money on gas and maintenance.
Drive More Save More: Customers are automatically enrolled in ETR Rewards when they drive a certain number of transponder kilometres. The more you drive, the greater your savings. Check out the ETR Rewards page to see how you qualify and what benefits you can receive.
We invite you to explore our website to learn more about our online services, investments to improve traffic flow, interesting facts about the highway, real-life stories from the road and more. Thank you for taking the time to learn about 407 ETR!