IT Security, Risk and Compliance Manager – EZRA

IT Security, Risk and Compliance Manager – EZRA

Location: Toronto, Canada – Hybrid (3 days per week in office)

Who we are:
Imagine what even the world’s finest organizations could achieve if all of their employees were coached to be their absolute best. At Ezra, we’re on a mission to do just that. We believe, through coaching, people get to know themselves, their goals, weaknesses, and hang-ups. Once they know all that, they can build on the good stuff and work on the rest. This mindset applies not only to our clients but is manifested in our own Ezra family. We believe we are changing people’s lives. A happy team is a productive team. We want our people to care and be proud of what they do. We also practice what we preach – every member of our teams gets to experience the superpower that is coaching for themselves, amongst some other incredible perks. Ezra is the fastest-growing global virtual coaching company, supporting some of the world’s leading companies. If all of this resonates, Ezra just might be the place for you.

About the role:
The primary purpose of the role is to support the Head of IT Security Risk and Compliance to ensure the Confidentiality, Integrity, and Availability of the EZRA business Information Assets. This will be achieved by implementing and continuously improving an effective and efficient Information Security Management System in line with Group IT Security Strategy, Architecture, and Standards within EZRA. The job holder will also be responsible for publicizing the Adecco IT Policy Framework throughout the EZRA business to ensure that all projects are delivered in accordance with Group Standards.

An important component of this role will be to respond to client questionnaires and contract reviews relating to IT Security, Risk, and Compliance, and conduct IT Security reviews for proposed IT vendors. The successful candidate will manage communication with clients and colleagues relating to this work and be responsible for achieving and reporting against Service Level Agreements. They will maintain a library of resources to ensure that responses to common questions are managed efficiently. As part of the process, remediation requirements will be recorded and tracked. The successful candidate will also support and co-ordinate activities to maintain ISO 27001 certification as part of the Group’s program and initiate and maintain System and Organization Controls (SOC reporting) as required. The job holder will monitor and manage all security incidents for EZRA, lead investigations on behalf of IT Leaders, and co-ordinate remedial actions to prevent recurrence wherever possible.

What you’ll do:

• Be the recognized expert in the field of Information Security within the EZRA organization.
• Act as the main point of contact and coordination for all client IT Security questionnaires, contract reviews, and IT vendor reviews for EZRA.
• Complete responses to client questionnaires in a timely manner and ensure that service level agreements are achieved.
• Review and mark-up IT security components of client contracts in a timely manner to ensure that service level agreements are achieved.
• Review and document outcomes for IT Security reviews of vendors in a timely manner and ensure that service level agreements are achieved.
• Maintain and develop the processes to receive, prioritize, complete, and communicate responses to client IT Security questionnaires, IT Security reviews of client contracts, and proposed IT vendor reviews.
• Maintain records of client remediation requirements and progress towards resolution.
• Prioritize incoming questionnaires and vendor reviews based on business value, reputational importance, and project deliverables.
• Continuously improve the library of resources containing common responses to standard questions and supporting evidence for client questionnaires.
• Prepare reports and analyses documenting progress and adverse trends, make appropriate recommendations, and draw conclusions when needed.
• Liaise with other Assurance functions (Internal and External Auditor), coordinate security audits, and ensure that remediation plans are defined and implemented in line with agreed dates.
• Participate in discussions around new/existing initiatives, assessing and consulting from Security, Compliance, and Risk perspectives.
• Provide support as required for all other security-related matters as reasonably requested by the Line Manager.

About you:

Education and certifications/training:

• University degree preferably in a technical subject or comparable education
• CISSP, CISA, CISM or similar certification preferred

Professional & Leadership experience:

• 3-5 years’ experience in a similar role within a Global Organization
• Demonstrable knowledge of Risk Management frameworks and Information Security standards (such as NIST 2, ISO 27001, SOC2, COBIT).
• Demonstrated experience and exposure in the international Security, Risk, and Compliance arena.
• Ability to communicate technical issues in simple terms to support a variety of technical and non-technical business roles.

Personal attributes:

• Strong collaborator, ability to build pro-active, co-operative working relationships with customers, peers, and key stakeholders based on respect and teamwork.
• Able to share feedback in a constructive manner to cultivate a continuous improvement culture.
• Ability to deliver successful outcomes under pressure and to manage crisis situations effectively.
• Able to evaluate information, identify key issues, and formulate conclusions based on sound, practical judgment, experience, and common sense.
• Experience with, and sensitivity for, diverse cultures.

Language requirements:

• Ability to conduct both written and verbal business communication effectively in English is essential.
• Any additional language is a plus especially French, Spanish, German, or Italian.

What we offer:
We want all candidates to know they are valued. We push positivity. We are an environment of innovation, collaboration, and growth. Drive impact with your ideas by being a part of the greater discussion in a safe, supported place. Be accountable, ambitious, owning your work and goals. When everyone takes responsibility for their success, we all succeed. Finally, keep it simple! Enjoy the ride and the perks with your own world-class coach, weekly well-being hour, and learning and development fund. We are an equal opportunity employer dedicated to having a thriving, diverse team where everyone has a voice and feels able to be themselves. We believe that through valuing our uniqueness and respecting our differences, we can achieve more and that diversity adds to our culture. Attracting and developing a diverse workforce that reflects the communities in which we serve is essential to us.

#J-18808-Ljbffr

Source ⇲