Manager, IT Governance, Risk and Compliance

Athabasca University's Department of Information Technology is currently recruiting for a Manager of IT, Governance, Risk and Compliance.

This is a permanent full-time position commencing March, 2025.

The Position:

The Manager, IT Governance, Risk & Compliance (GRC) is responsible for overseeing key components of the AU's security program, ensuring the protection of its digital assets and infrastructure and ensuring the avoidance or reduction of impact on the university's core operations from cybersecurity threats. This role involves managing the implementation and maintenance of security policies, and leading a dedicated team focused on IT governance, risk, compliance, security awareness, and training. The Manager, IT Governance, Risk & Compliance collaborates with various departments and external partners to establish effective security risk management measures, coordinates internal and external audits, and oversees the university-wide information security awareness and training program. This position requires strong leadership skills to mentor and manage the security program team, facilitate knowledge sharing, and ensure continuous improvement in security practices.

Duties and Responsibilities:

Strategic Alignment

• Work with the CISO and leadership team to develop and maintain the university's security program, plans and processes ensuring alignment with the university's strategic direction. Provide quarterly reports on the progress and effectiveness of security initiatives.
• Monitor the progress of the information security plan, ensuring that performance is aligned with the objectives. Make suggestions for changes as needed to maintain alignment.

Leadership and Team Management

• Lead, mentor, and manage the security program team, including providing caring and challenging feedback, to foster an environment of trust and continuous improvement.
• Conduct weekly team meetings to review ongoing projects and address challenges, provide one-on-one mentoring sessions to support team members' professional growth, and implement a feedback system for continuous performance improvement. Track team progress and report monthly on key performance indicators (KPIs).
• Facilitate regular training sessions and mentorship opportunities to facilitate knowledge sharing and technical and personal development within the team.
• Lead the recruitment process for new staff members or contract outside services to supplement the team's capabilities when needed.

IT Governance, Risk, Compliance and Security Awareness/Training

• Lead the Security GRC Team in establishing operational goals and priorities.
• Oversee the review, implementation and ongoing maintenance of security policies, standards and procedures.
• Work with the CISO's leadership team to define and develop the security program portfolio of services, then oversee its socialization and communication.
• Build, prioritize and maintain business relationships with staff to help ensure security services and processes are well-communicated and integrated within the organization.
• Coordinate and lead meetings with the Security Committee to help ensure good governance of the security program.
• Working with the CISO, lead the maturation of the security risk management strategy, process and program. Including maintenance of the cybersecurity risk register and other related artifacts.
• Support the departments and faculties in the identification and assessment of cybersecurity-related risks, working hand in hand to identify mitigation requirements, and ensuring transparency and clarity in the risk management decision-making process.
• Working closely with the Security Operations Manager and CISO to provide a realistic overview of risks and threats to AU. Lead the documentation of security controls and their effectiveness.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Coordinate internal and external IT and Security audits, working closely with internal and external audit functions.
• Ensure that controls implemented, adequately address security and compliance requirements.
• Oversee the implementation of a university-wide information security awareness and training program.

Collaboration

• Work closely with all departments (IT, University Relations, Enterprise Risk Management, HR, Privacy, Finance, Internal Audit etc.) and faculties, to ensure a cohesive approach to security. Measure the effectiveness of collaborative efforts through inter-departmental feedback and project outcomes.
• Manage the process of gathering, analyzing, and assessing the current and future threat landscape.

Reporting and Metrics

• Work closely with the Security Operations Manager and CISO to develop and report on cybersecurity metrics to Senior Leadership and the Board.
• Generate regular reports on security program activities, goals, and performance metrics for senior management and stakeholders. Detailing security program status and providing recommendations for improvements.

Future Readiness

• Stay informed on emerging business functions and technologies that impact information security and incorporate them into the program as needed.
• Propose changes to existing policies, standards and procedures to ensure operating efficiency and regulatory compliance.
• Work with the CISO to develop budget projections based on short and long-term goals and objectives.

Contact Information

For further information regarding this opportunity, please contact Nickki Farell-Myles, Chief Information Security Officer, at nfarrellmyles@athabascau.ca.