Join the EDC Team!
At EDC, we support Canadian businesses to succeed globally. We provide the financial tools and expertise they need to explore new markets and reduce risks, all towards the goal of making Canada and the world better through trade.
Position: Director, Information Security Governance, Risk, and Compliance (GRC) Program
Employment Type: Permanent
Compensation Details: Dir. Cybersecurity 20: Salaries typically range from $127,380 to $169,839 annually, based on qualifications and experiences, plus a performance-based incentive.
Location:
- Export Development Canada operates in a hybrid work environment, currently requiring employees to work in the office 2 days per week for individual contributors or 3 days per week for leaders.
- This role can be performed from EDC’s headquarters in Ottawa or from one of our Community Hubs located in Toronto, Mississauga, or Montreal.
- Relocation assistance is available for candidates who meet the eligibility criteria.
About EDC:
At Export Development Canada (EDC), we empower Canadian businesses to succeed globally. As a financial Crown corporation, we offer innovative financial solutions and expert insights to help businesses explore new markets, mitigate risks, and achieve growth.
Why Join EDC?
- Collaborate with a diverse, experienced team – Work alongside talented professionals who bring a wealth of knowledge and expertise to drive success.
- Thrive in a supportive, teamwork-driven environment – Flourish in a workplace where collaboration and mutual support are paramount.
- Impact global communities through sustainable growth in emerging markets – Make a meaningful difference by fostering sustainable development in key regions around the world.
- Recognized as one of Canada’s Top 100 Employers, Best Diversity Employers, and Top 100 Family-Friendly Employers – Join a company that is celebrated for its commitment to excellence, diversity, and work-life balance.
- Enjoy a comprehensive Total Rewards package:
  - Flexible benefits – Our program lets you choose coverage that suits your unique needs, including Medical, Dental, Life, and more. Plus, we offer additional Flex credits to tailor your plan even further.
  - Defined Contribution Pension Plan – Secure your future with our generous matching program that helps you save for retirement.
  - Competitive vacation program – Enjoy a work-life balance with our competitive vacation program, starting with 4 weeks of vacation and 2 floater days each year for permanent employees.
  - Comprehensive wellness programs – Stay healthy and happy with access to wellness initiatives, mental health support, and fitness programs.
  - Professional Development – Advance your career with our support for growth and development through conferences, language training, and educational opportunities.
Team and Job Overview:
The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences. Digital & Technology Solutions has set out to achieve the following objectives for EDC:
- Define, execute, and sustain the integrated technology target state, target data model and technology operations required to enable EDC’s 2030 business transformation.
- Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.
- Keep pace with industry trends and emerging technologies, ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.
- Lead and ensure integrated digital, data, infrastructure, and cybersecurity implementations to create excellent customer, user, and employee experiences.
This is your opportunity to join a cybersecurity team with a business-first mindset. You will lead and be part of a growing team of cybersecurity professionals that value transparent communication, collaboration with various internal and external stakeholders, and support innovation while being equally committed to achieving information security risk targets and delivering on the planned security program obligations.
Reporting to the Vice-President & Chief Information Security Officer (CISO), the Director, Information Security Governance, Risk, and Compliance (GRC) Program will be responsible for the development, oversight, and day-to-day execution of cyber risk governance, compliance and overall cyber portfolio/program functions to help achieve, measure and improve the required level of security, aligned to EDC’s risk appetite, corporate objectives and external factors.
The Director oversees the administration and facilitation of enterprise and third-party information security standards and controls, risk quantification, tracking and reporting. This includes achieving alignment and collaboration with Enterprise Risk Management (ERM), Legal, Privacy, Audit, Technology and other corporate business and services functions. The leader also has accountability for the enterprise cyber portfolio/program. This function is accountable for administering portfolio/program level governance, including budgeting and portfolio/program KPIs/KRIs, and overall roadmaps and management reporting.
To be successful, the Director and function will need to align and collaborate with key enterprise program management functions, for example Enterprise Orchestration & Portfolio Management and Technology Strategy & Governance. The Cyber program function includes oversight and development of the Cyber operating model. In collaboration with other Cyber leaders and the CISO, this role will be key to developing and executing enterprise cyber strategies and management capabilities.
What you will be doing:
- Lead the organization-wide Cyber GRC program; this requires collaboration with IT, legal, ERM, Audit (internal and external), technology and business functions to develop a cohesive Cyber GRC program.
- Lead the governance and execution of the overall program/portfolio. This consists primarily of grow and transform initiatives and will include multiple project managers who are internal and external staff.
- Lead the Cyber Function operating model: how the cyber functions engage, share information, and collaborate, including budget and financial management.
- Represent Cyber at other leader Risk forums and committees, and ensure information and collaboration are maintained.
- Manage leaders and individual contributors.
- Lead the Risk as a Service capability/tower for risk assessments, and ensure the enterprise function/service meets targets and has roadmaps for improvements defined and executed.
- Maintain a strategic and comprehensive cyber GRC program that includes policies, standards, processes, and guidelines.
- Stay updated on regulatory changes and industry standards, such as ISO, NIST, GDPR, HITRUST, and HIPAA.
- Provide guidance to team members to ensure compliance with relevant laws and regulations.
- Deliver cyber GRC reports to management, emphasizing compliance status, risk exposure, and mitigation efforts.
- Oversee third-party and vendor cyber risk program as an integral part of the organization’s third-party risk management strategy and residual risk management processes.
- Lead the functions to ensure cyber risk management tools and methodologies drive productivity gains.
What we are looking for:
- Education: Bachelor’s degree in technology, cybersecurity, computer science, engineering, or risk management or business field.
- Domain Experience: Minimum of 10 years’ experience in Governance, Risk, and Compliance (GRC), in a combination of risk management, information security, and IT roles.
- People leadership experience: Minimum 3 years of demonstrated experience leading a distributed and hybrid office team of leaders and individual contributors.
- Operational leadership experience: Experience leading teams in handling both legacy and emerging technologies to manage business risk and enforce security controls.
- Functional experience: Minimum 5 years of demonstrated experience leading corporate cyber and risk management functions within a managed service and outsourced model.
- Program management experience: Project, Program and Portfolio management experience leading programs with multiple initiatives and cross-functional stakeholders.
- Vendor management capability: Strong capabilities as a contract owner and ability to maximize value from vendors.
- Framework knowledge: Understanding of frameworks, regulations, and laws such as ISO, NIST, HIPAA, HITRUST, GDPR, and GLBA.
- Domain knowledge: Knowledge of Governance, Risk, and Compliance (GRC) for cloud computing, including validation of security configurations, resiliency, and data protection.
- Tools: Proficient in Governance, Risk, and Compliance (GRC) tools for tracking and managing compliance, conducting risk assessments, and reporting.
- Initiative: Commitment to sharing up-to-date industry knowledge with the team to elevate overall Cyber Governance, Risk, and Compliance (GRC) program expertise.
- Communication skills: Excellent written and verbal communication skills for both business and cybersecurity contexts; ability to effectively relay key messages and asks to senior management and executives.
- Language: Bilingual in both official languages (French and English).
What will make you stand out:
- Advanced studies: Master’s degree in technology, cybersecurity, computer science, engineering, or risk management or business field.
- Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) or CGRC (Governance, Risk and Compliance Certification).
Eligibility:
- EDC is dedicated to Fair Employment Practices. Applicants must be Canadian citizens or hold valid permanent residency cards at the time of application. Preference will be given to candidates who are legally able to work in Canada (Canadian Citizens or Permanent Residents). Candidates must also meet the government security screening requirements.
This position is open to individuals who meet all the essential criteria outlined above and submit their applications by the closing date. Ready to make a difference? This is your chance to join a dynamic, growing team and leave your mark on our organization, development finance, and the world. Apply today!
Want to learn more about EDC? Visit our website: https://www.edc.ca
EDC's Commitment to Employment Equity
Export Development Canada (EDC) is dedicated to fostering employment equity and building a diverse workforce. We are committed to creating a safe and inclusive environment that respects people from all cultures, backgrounds, and abilities. At EDC, we nurture a culture of inclusion and belonging where everyone has equal opportunity to grow, develop, succeed, and be their truest selves.
We actively encourage applications from women, Indigenous peoples, visible minorities, persons with disabilities, and members of the 2SLGBTQI+ community.
Should you require any accommodation during the recruitment and selection process, please let our Recruitment team know.
Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at EDC; however, only those candidates who are selected for an interview will be contacted.