Job Description
At McCarthy Tétrault, we offer challenging and rewarding career opportunities and are delighted to have been selected for the eleventh consecutive year in 2023 as one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers. Our culture is built on professional excellence, collaboration, innovation, thought leadership and entrepreneurialism. We embrace inclusion in all its forms and we provide the tools and opportunities to help our people develop to their full potential.
This position can be based out of Toronto, Vancouver or Calgary. McCarthy Tétrault employees benefit from a hybrid work environment.
As a Governance, Risk and Compliance (GRC) Manager, you will be:
- Owning the operational aspects of monitoring, maintaining, and expanding the scope of the Firm’s compliance with the ISO27001 standard.
- Leading the responses to client audits and RFPs.
- Optimizing and working with key stakeholders within the Firm to continuously improve the Firm’s IT governance, risk, and compliance posture.
- Working with key cross-functional stakeholders to develop and enhance IT Security policies and procedures.
- Working with the Security team to optimize and conduct Security and Privacy Risk Assessments.
- Reviewing privacy incident reports and acting as a key point of contact to investigate and resolve privacy incidents, or escalate as required.
- Enabling and conducting the review of third-party vendors from a security risk and compliance perspective.
- Working with internal and external stakeholders to deploy security controls in a business-enabling manner.
As our ideal candidate, you will distinguish yourself by the following profile:
- 8+ years of experience working within Information Security Governance, IT Audit, and Compliance or related fields
- Certified ISO27001 Implementer or Auditor – preferable to have previous experience with implementing or maintaining an ISO27001:2022 compliant program
- Familiarity with complementary risk standards, regulations and frameworks such as NIST, GDPR, PIPEDA is a strong asset.
- CISM / CISSP certification is a preferred asset.
- Strong leadership and communication skills with an ability to establish partnerships and influence at all levels
- Demonstrated experience in liaising with and influencing internal/external stakeholders to close findings.
- Understanding of key security concepts such as Identity/Access Management, Incident Response, Change Management, and 3rd party/vendor supply chain security
- Ability to manage and lead multiple concurrent projects and work within tight deadlines
- Solution-oriented, with the ability to solve problems in complex situations.
- Ability to handle high-pressure situations and tight deadlines.
- Strong organizational, work and time-management skills.
- Desire for growth/learning new technologies within Information Security
As a member of the McCarthy team, you will have access to:
- Outstanding benefits from day one, including insurance premiums paid by the Firm and wellness and technology reimbursements.
- Competitive compensation and generous time off, including a day off to volunteer and a day off for your birthday.
- A commitment to professional development and growth opportunities for our people at all levels, supported by a culture that fully embraces and encourages two-way feedback.
- Strong community involvement and a commitment to equity, diversity and inclusion.
- A collaborative, cohesive culture that connects lawyers and business teams through collective purpose.
We thank all applicants for their interest in McCarthy Tétrault; however, only chosen applicants will be contacted. We regret that we are unable to respond to individual inquiries about application status. McCarthy Tétrault is an equal opportunity employer that fosters an inclusive, equitable, and accessible environment. Please notify us if you require accommodation at any time during the recruitment process.