Apply for the GRC Officer, Information Security position
"*" indicates required fields
Office Status: Hybrid
Salary: $100,000 – $120,000
- Implementing comprehensive Policies, Procedures and Guidelines, that conform to the security goals and objectives established by the Management and by regulations.
- Maintaining the Bank’s IT Risk Assessment and related IT Risk processes.
- Ensuring that procedures contain segregation of duties and appropriate control points, to safeguard customer information.
- Monitoring access controls to information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information intentionally or unintentionally to unauthorized individuals and to detect actual and attempted attacks or intrusions.
- Assigning access roles in applications based on company policy and security best practices.
- Maintaining a Data Retention and eDiscovery program including policies and procedures on handling legal hold requests, including how to obtain, secure, and preserve data of all types.
- Maintaining the Bank’s electronically stored information repository.
- Helping to maintain ESI preservation policies and controls.
- Ensuring compliance with relevant rules and regulations regarding ESI.
- Working with various internal stakeholders including Audit, Risk, Legal and Compliance functions.
- Working with various corporate stakeholders including Head Office control functions.
- Serving as a liaison between the Legal team, IT personnel, vendors, and outside counsel.
- Supporting periodic assessments to determine whether IT systems produce discoverable data or records.
- Providing for the periodic review and auditing of existing document retention holds.
- Managing cyber risk aspects of Vendor Management / Supply Chain processes per the relevant regulations and internal policies.
- Ensuring appropriate controls are in place related to employee access to data and document systems, account permissions, deletions, among others.
- Ensuring appropriate governance of system changes or other actions with implications for data retention.
- Ensuring that third-party/vendor document retention policies are fully in compliance with internal policies and controls.