Security Third Party Risk Management, Lead
At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.
Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical virtuosos, and high-performance application developers? We want to hear from you.
HIGH-LEVEL ROLE DESCRIPTION
The Security, Third Party Risk Management Lead is a key resource in ensuring Interac Corp.'s “Security First” principles are embedded in all environments. The successful candidate will have expert knowledge in assessing, managing, and mitigating risks associated with third-party vendors, suppliers, and strategic partners. The ideal candidate will also have expertise in risk assessment methodologies, regulatory compliance, and vendor management processes. As a member of GRC, a dedicated Information Security team, the Security TPRM Lead works closely with senior leadership, team members and staff across Risk, Vendor Management, Audit, Legal, IT Operations, and Infrastructure teams to ensure that third-party engagements align with the organization's risk tolerance.
In this role, you work with the various teams to maintain the security posture of the organization. You will manage a TPRM Security Program to ensure that our organization's people, process, and technology are secure, resilient and protected from potential third-party related risks. You want to know as much about the state of the environment as you can, and you can think outside the box when it comes to proposing security solutions which will benefit the organization.
You’re great at…
Managing and enhancing a TPRM Security Program to mitigate security threats emanating from third-party vendors, suppliers, and strategic partner engagements.
Conducting comprehensive risk assessments of third-party vendors, suppliers, and strategic partners including evaluation of vendor security controls.
Continuously monitoring the performance and risk exposure of third-party vendors throughout the lifecycle of the relationship including oversight of vendor monitoring programs to ensure compliance and attestation with contractual obligations, security standards, regulatory requirements and industry best practices.
Synthesizing KRIs and KPIs to report on and assess vendor security posture. Managing risk within organizational risk appetite.
Maintaining a comprehensive third-party risk management framework, policies, and procedures.
Examining and interpreting project requirement documents and architecture diagrams to identify vendor security risks and ensure security requirements are embedded into projects.
Weighing business needs against security concerns to help guide the business to make practical and informed risk decisions to enhance the security posture of the organization's products and services.
Participating in and supporting security-related engagements such as audits and questionnaires, and serving as a key interface with external and internal auditors for vendor security compliance related activities.
Expert knowledge of industry best practices, pertinent regulations and standards bodies such as ISO 27001/2, PCI DSS, CIS, NIST Series, OSFI Guidelines B10 and B13.
Who are you?
You have excellent knowledge of information security with a Degree or Diploma in Information Technology and/or business, or combined relevant field experience and certifications (CISSP, CISA, CRISC, CISM).
You have 7+ years of experience managing an Information Security TPRM within medium to large sized organizations.
You have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution.
You have experience working with vendor risk management security tooling capabilities.
You have experience with Information Security practice and processes including vendor threat and risk assessments.
You have experience managing risk throughout the risk lifecycle.
You are highly motivated and results-oriented, with an ability to handle high-pressure situations with key stakeholders.
You have strong program management and service delivery orientation.
You have excellent presentation and communication (written and verbal) skills and an ability to present complex information in a manner suitable for technical and non-technical audiences.
You have excellent knowledge in several areas of information security (domain knowledge).
Eligibility to work for Interac Corp. in Canada in a full-time capacity.
Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:
Canadian criminal record check;
Public safety verification;
Canadian ID cross-check;
5-year employment verification;
Education verification; and
If applicable, Credit Inquiry and Social Media Check
How we work
We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:
Connection: You’re surrounded by talented people every day who are driven by their passion for a common goal.
Core Values: They define us. Living them helps us be the best at what we do.
Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.
Education: To ensure you are the best at what you do we invest in you