Customer Login

Manager, Information Security

Manager, Information Security

Full-time Permanent

 

COMPANY OVERVIEW:  

Prairie Payments Joint Venture (PPJV) is a joint venture owned by three Prairie centrals created to digitally transform and modernize payment services for credit unions in the Prairies. PPJV’s goal is to ensure Prairie credit unions are competitive in payments and have access to efficient, modernized payments processing infrastructure.

ROLE SUMMARY

Manager, Information Security will work with the broader PPJV Leadership team to manage and to maintain Information Security functions to support the five main payments streams (e-Transfer, Bill Pay, Cheque, Wires, Automated Funds Transfer (AFT)) as well as emerging payments digital initiatives (Open Banking, Digital ID, Real Time Rail etc.) by following ISO, NIST and related financial standards and guidelines. Manager, Information Security is accountable for proactively managing the PPJV Security program, acting as a backup for the DISO, working with the Systems Integrator and Project Management Office (PMO) functions, and with our key managed service providers. The role is responsible for implementing the Cyber Security Plan and related governance, and for managing the related processes and functions.

KEY RESPONSIBILITIES

Manage the Cyber Security and IT Security Functions:

  • Proven ability in leveraging deep subject matter expertise in Financial Services, technology delivery and vendor management, and large-scale digital transformation.
  • Implement and manage the PPJV Cyber Security plan across all workstreams and functions.
  • Security management supporting emerging technology business cases, POCs, MVPs and financing, working with the DISO, and overall Senior Leadership Team (SLT).
  • Contribute to and execute PPJV’s Information Security strategy and roadmap.
  • Ensure that system and application security design is in accordance with PPJV policies and industry best practices.
  • Consult internal and external teams to ensure that security is factored into the evaluation, selection, installation, and configuration of all digital assets.
  • Participate in investigations of any actual or potential information security violations and manage escalation of security events.
  • Provide regular reporting on current state of Information Security program to the DISO, and other members of the Leadership team as appropriate.
  • Manage security related metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
  • Liaise with relevant business units (such as Internal Audit, Law, Finance, Risk Management, Compliance and P&C teams), and external agencies as needed to ensure that PPJV maintains a strong security posture.
  • Work with system administrators and application developers to audit, monitor and validate their environments’ security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the overall security posture and mitigate risks.
  • Provide oversight of the architecture and engineering of new systems and capabilities; including the evaluation of technical designs.
  • Participate in development, implementation, and maintenance of all information security policies and guidelines, and oversee the dissemination of security policies and practices.
  • Ensure PPJV’s information security program is consistently enforced throughout the organization.
  • Monitor security threats and vulnerabilities to determine the risks they pose to the business, and what countermeasures must be put in place to address them.
  • Coordinate with PPJV’s business partners to determine their information security programs, ensure they are consistent with PPJV’s policies, and evaluate any potential risks these partners may pose to its information assets.
  • Ensure that no internal security breaches or misuse of data take place.
  • Determine causes of internal and external security breaches and institute appropriate corrective action.
  • Creative thought leadership is required while also listening and engaging others to provide input in the shaping of vision.
  • Strong understanding and working knowledge of the financial services industry.
  • Understanding of the regulatory environment for financial institutions and the payment industry at both the federal and provincial level.
  • Effective communicator who engages colleagues, business partners, external stakeholders, and colleagues.
  • Proven experience in managing complexity and navigating ambiguity.

REQUIREMENTS:

  • Relevant education and 5+ years of related experience.
  • Proven track record and experience in managing information security programs, policies, and procedures, including successful implementations in medium to large enterprise environments.
  • Working knowledge of the latest technologies and security best practices.
  • Knowledge of the financial services industry.
  • Previous compliance related experience related to NIST CSF, SOC2, ISO and OSFI criteria.
  • Prior exposure to Risk Management and Vendor Management.
  • High degree of initiative, dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.

SKILLS REQUIRED

  • Deep knowledge of Information Security best practices
  • Technical knowledge of operating systems/networking/cloud/development processes
  • Familiarity with modern security tools with focus on Azure and M365
  • Working knowledge of Information Security domains such as Security Architecture, Identity and Access Management, Application Security, Data Security, Cloud Security
  • Ability to articulate security needs and concepts
  • Strong analytical, communication, and presentation skills

RELATIONSHIPS

Internal: Functional leaders, Executive Team.

External: Contact with Credit Unions, other financial institutions, government agencies, other affiliates, vendors, and suppliers

This is a mostly remote role with occasional travel to the office when needed. Preferred location: Greater Toronto Area, ON or Calgary, AB.

The Environment

PPJV is a fast paced and focused environment where employees and contractors share the mission to deliver efficient, cost effective, modernized payments processing to prairie credit unions. Interested candidates are asked to submit a resume & cover letter here by noon on May 17, 2024.

We thank all candidates for their interest; however, only those candidates selected for an interview will be contacted.

Back