The Bank of Canada has a vision to be “a leading central bank—dynamic, engaged and trusted—committed to a better Canada.” No other employer in the country offers you the unique opportunity to work at the very centre of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in an environment where we are reinventing central banking, renewing ways of doing business and reinforcing a culture of innovation.
The Senior Security Risk and Compliance Officer provides security-related risk assessment and compliance verification functions at the Bank relating to all the Bank’s critical assets. Following a defined security risk management approach, assists all Bank business groups in identifying and categorizing critical assets (as defined by the Business Impact Analysis), identifying appropriate security in contracting clauses, and implementing the appropriate safeguards to protect the confidentiality, integrity and availability of Bank critical assets. Following a defined security compliance approach, perform security compliance-related assessments and guidance based on the results of security risk assessments, security policy, and security testing at the Bank relating to all the Bank’s critical assets.SGRC has three pillars:1. Enterprise Security Governance: Corporate Security Policy and directives development; security awareness program and serving as the single point of holistic security risk reporting.2. Enterprise Security Risk Assessment: Provision of information, IT, personnel, and physical security risk assessments, providing recommendations on security controls to mitigate risk and managing the central security risk registry.3. Enterprise Security Compliance: Security Compliance Program over corporate security policy instruments and risk assessment results.
• responsible for reporting security residual risks to the appropriate stakeholders so they can acknowledge and accept them, and provide a management action plan• conduct security risk assessments including producing statement of sensitivity, performing complex security risk calculation and writing residual security risk reports• register residual security risks to critical Bank processes and sub-components as defined by the BIA, and track remediation and mitigation activities• provide a key enterprise-level security compliance second-line of defense challenge function in the security domain, and evaluate compliance against established corporate security policy instruments, new security testing programs, and of new business solutions and contracts to security risk recommendations and the efficiency of security controls that are applied to mitigate risks to critical business processes, and identify any deviations from baseline compliance requirements and document in a risk registry• understand and apply compliance against security policies, directives, standards, guidelines and standard operating procedures. Evaluate the security compliance of security solutions to identify deviations from baseline security compliance requirements; assess the effectiveness of controls protecting the security of critical assets and underlying infrastructure and personnel• recommend mitigating control measures to improve security compliance; provide guidance and advice on security compliance to internal Bank employees• serve as the central point of contact with the internal Audit Department and lead CSS remediation action plan
• university degree in business, computer science or engineering, or security • six to seven years of progressively more responsible and relevant experience in a combination of security policy analysis, communications, audit and compliance, business analysis, security analysis and/or information technology security, physical and personnel security, travel security, broad infrastructure technology (network, storage, server, etc.), applications and software security, and threat and security risk assessment, working in a public or private security function• knowledge of risk management frameworks such as NIST and ISO• knowledge of and experience with Government of Canada information technology security policies, directives, standards and guidelines (e.g., Policy on Government Security, management of information technology security, ITSG-22/33/38, Directive on Departmental Security Management)• knowledge of and experience with Government of Canada Harmonized Threat and Risk Assessment (HTRA) methodology and other security industry standards (e.g., ISO 27001, NIST 800 series, ITSGs, ITIL, PCI)or• an equivalent combination of education and experience may be considered
• hold Managing Directors accountable to their compliance management plans and ensure Bank-wise baseline controls are implemented• engage with autonomy with CSE and CSIS and use judgement to share the right amount of information with respect to travel security. Take this external information and apply it to Bank’s assets (people), fulfilling our duty of care obligation• requires understanding of physical, geo-politics, as well as cyber issues that vary from country to country. Includes directly reaching out to Bank travelers to confirm safety in the event of a security incident• conduct risk assessment and recommendations on Executive travel and provide to Employee Protection team for implementation of mitigating controls in planning of Bank Executive travel• independently brief Bank travellers up to MDs; and above (up to Governor) with support from CSS senior management• second line of defense currently provided by Audit• language requirement: English and French essential (bilingual) with a minimum starting level of functional in second official language. Training may be provided to help the selected candidate reach the required level of fully functional in second official language.
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career.• The salary range at hire for this position is typically from $84,968 to $104,960 (job grade 17) • Depending on performance, you may be eligible for performance pay for successfully meeting (7 to 10% of your base salary) or for exceeding expectations (15% of your base salary). Exceptional performers who far exceed expectations may be eligible for higher performance pay.• Flexible and comprehensive benefits so you can choose the level of health, dental, disability and life and/or accident insurance coverage that meets your needs• Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement• Option to join the indexed, defined-benefit pension plan after 24 consecutive months of serviceAs one of Canada’s Top 100 Employers, we offer you a superior work environment that allows you to reach your full potential both professionally and personally. We make career growth and professional development a priority. We are an equal opportunity employer committed to developing inclusive, barrier-free recruitment and selection processes, and work environments that support a diverse workforce. If you require accommodation measures during any aspect of the recruitment process, we will work with you to address your needs. Information related to accommodation measures will be treated as confidential.For more information on key benefits, please visit www.bankofcanada.ca/careers/working-here.
• Priority will be given to Canadian citizens and permanent residents• Candidates must be eligible for a top-secret clearance, including subject interview; secret clearance is the minimum required for initial engagement • There will be no relocation assistance provided We wish to thank all applicants for their interest and effort in applying for this position; however, only candidates selected for interviews will be contacted.
Copyright © Bank of Canada