25 York Street, Toronto, Ontario, M5J 2V5
The decision to join a company is a big one. We have opportunities for hard working, energetic and reliable people just like you.
Why is this role important?
Reporting to the VP Cyber Security and Technology Risk, this Senior will play a key role focused on PCF&S in developing and contributing to the cyber security strategy, contributing to the security related policies and standards, leading the development, recruitment and retention of a world class security team, ensuring PCF&S compliance, overseeing risk and assurance assessments, and developing security programs and requirements to manage risk. Assurance activities will assess risk around information and system assets, technology, vendors, and service suppliers all in support of achieving PCF&S business objectives. Location will mostly be at 25 York Street and Lakeshore/Bathurst offices
WHAT YOU WILL DO:
Build a team and strategy to establish best in class capabilities for cyber security strategy, governance, and cyber risk management that leverage industry best practices in support of the PCF&S business objectives. You will work with executives and directors from PCF&S and across the Loblaw family of companies and key suppliers, partners, vendors, and managed service providers. A commitment to championing diversity targets will be important to creating an open and inclusive environment. You will bring a strong network of security companies, business leaders and academia to help lead and build the capabilities to react swiftly and contain cyber threats effectively.
Your knowledge of Canadian financial services combined with deep knowledge of security technologies, security frameworks, privacy, security threats, IT and security operations processes, incident management, vendor assurance, project assurance, PCI-DSS compliance and OFSI regulations will be key to success. Supplier and contract management skills will be critical to ensure valued delivery and execution of managed security services to PCF&S.
Your team will support colleague and vendor teams that operate 7×24 across Canada, and work closely with other LCL stakeholders including: Privacy Office, Loss Prevention, Audit, Risk Management, Applications, Network, Human Resources and Legal. Specifically building and maintaining an internal PCF&S community of executive and director level stakeholders around cyber security governance, strategy and risk management.
To support this mandate, you will work with executive and director stakeholders from PCF&S and across the LCL family to develop and maintain policies, standards, metrics, security scorecards, awareness, training, incident response playbooks, including practice drills, table top exercises, and establish all of the communications protocols, procedures, templates for consistent flow of the right information to the right people from front line staff and up to the board.
Included in the mandate of your team will be to establish capabilities for data governance, data classification, effective controls on hashing, tokenization, encryption, as well as data loss prevention. This will involve building and maintaining an inventory of data assets and establishing the role of data ownership specifically for the businesses that comprise PCF&S.
Development of key performance and risk indicators for executive and board level dashboards and control maturity scorecards will be developed. Successful execution of these will contribute to the PCF&S brand, compliance to relevant standards, regulations and laws covering privacy, payments, and financial results.
You will be the prime representative for PCF&S at the Monthly LCL Security Council as well as providing advisory support and escalations to specific business units across the LCL family as required.
WHAT YOU WILL NEED:
- A Bachelor's Degree or Diploma in a relevant area of study with a preference for Computer Science or Computer Engineering
- Professional Security Certification (e.g. CISSP, CISM)
- Minimum of 10 years in Information Security
- Minimum of 5 years in the financial services, preferably a major Canadian financial institution.
- Experience leading teams and large security programs in large organizations
- Deep technical knowledge on IT technology, security technology, security threats and trends
- Experience building security teams, and implementing security technologies
- Skills in Cloud infrastructure, Network, Operating systems, and software development lifecycle
- Knowledge around identity management, authentication, and encryption
- Knowledge around data analytic platforms, specifically for security use cases
- Knowledge of OSFI regulations, banking best practices and Canadian regulatory regime
WHO YOU ARE:
- Curious and passionate for continuous learning
- Critical thinking ability, analytical mindset and professional judgement
- Communication skills – presentation, presence, impact
- Team player – humble, collaborative, adaptive
- Ability to work in a fast paced agile work environment
- Professionalism, integrity, and respect for confidentiality
- Honest and ethical with unquestionable integrity
- Drive change, be confident, resilient and persistent.
- Demonstrated emotional maturity, self-awareness, and learning, with a strong capability in building interpersonal trust
How You’ll Succeed:
At Loblaw, we seek great people to continually strengthen our culture. We believe great people model our values, are authentic, build trust and make connections.
If that sounds like you, and you are open-minded, responsive to change and up to the challenges provided in a fast-paced retail environment, apply today.
In addition, we believe that compliance with laws is about doing the right thing. Upholding the law is part of our Code of Conduct – it reinforces what our customers and stakeholders expect of us.