Manager, Governance, Risk & Compliance - IT

Toronto, ON, Canada Req #65
Thursday, July 4, 2019



About Us 

The Ontario Cannabis Store provides safe, responsible access to recreational cannabis for adults 19 and older. We operate the sole legal online store for recreational cannabis in Ontario and are now the provincial wholesaler of cannabis for private retail stores.


Working at the OCS is a unique opportunity to be part of an agile start-up in a ground-breaking new industry. We’re a diverse team passionate about delivering a great customer experience, working together with mutual respect and building value out of our differences. We’re an inclusive organization that understands that delivering great results comes out of ensuring every voice is heard. 


About the Role 

The OCS is looking for a Manager, Governance, Risk & Compliance (GRC) to join our IT team. The GRC Manager will be responsible for a growing Governance, Risk and Compliance program. This is an exciting opportunity for you to use your agility, collaborative style and excellent communication skills to work with various stakeholders and address in-flight processes, challenges and identified risks.


You will partner with Information Security, Operations, Privacy and Finance to capture and articulate technical regulatory requirements in a manner that brings clarity and eliminates confusion. You will use your deep understanding of risk assessment and definition to advise stakeholders on their project challenges. As Manager, GRC, you will require a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards and a polished ability to communicate with key stakeholders.


About Your Day 

  • Responsible for IT procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
  • Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes.
  • Help ensure compliance with applicable regulatory and legal frameworks.
  • Assist in the development and monitoring of a compliance framework for OCS' outsourced IT services.
  • Assist in the development and monitoring of the data retention program.  Work with business units to ensure data is properly classified.
  • Responsible for the identification, tracking and remediation of IT risks.  Ensure alignment to the enterprise risk management framework.
  • Responsible for evidence creation, validation, and assessment workflows.
  • Assist in the development and oversight of required corrective action plans relating to technical compliance issues.
  • Oversee OCS’s IT policies, standards, guidelines and baselines. Ensure policies are reviewed and updated regularly.   Ensure alignment to the enterprise policy framework.
  • Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls.
  • Support both internal and external audits of IT processes, as required, facilitating discussions, evidence sharing and tracking, and remediation planning.
  • Promote and monitor compliance with our corporate-wide IT Security awareness program.
  • Creation and maintenance of all related documentation, versioning, and approvals.
  • Maintain expertise on GRC trends in order to mitigate potential emerging exposure.


About You 

  • Bachelor's degree in Computer Science/Information Technology or a related field of study, or equivalent level of education and experience
  • 5+ years of progressive Information Security and/or GRC work experience, preferably at the managerial level
  • Knowledge of COBIT, CIS, ISO 27001, NIST and related industry frameworks.
  • Knowledge of governance, risk and compliance systems and how to design a GRC framework.
  • Advanced knowledge of risk assessment design and delivery.
  • Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCCC, CIPP/C.
  • Experience working in regulated industries preferred.


Job Details

City: Toronto, ON 

Employment Type: Full-Time Permanent

Required Travel: Rare 

Application Deadline: July 11, 2019

 

We are committed to providing an accessible, equitable and inclusive candidate and employee experience. We provide reasonable accommodation throughout the recruitment process and in employment. If you require an accommodation, please let us know and we will work with you to meet your needs.


Other details

  • Pay Type: Salary
This posting is inactive.