Range
66,400.00 - 99,600.00 CAD
Job Description
Senior Cybersecurity Governance, Risk & Compliance Specialist
GAME ON – OLG needs you
We’ve said GAME ON, and we mean it – OLG is rapidly transforming its organization to better serve Ontarians by delivering great gaming experiences through our digital, retail lottery, and land-based gaming channels. Over the course of fiscal 2022-23, OLG delivered a record $2.5 billion in net profit to the Province of Ontario. OLG is now expanding our horizons even further, with a new strategic direction, to become a world class gaming entertainment leader with a globally admired digital platform.
We are ready to take this game to the next level and need a passionate Senior Cybersecurity Governance, Risk & Compliance Specialist to develop and deliver enterprise cybersecurity governance programs to appropriately safeguard business operations and information assets. Day to day duties focus on the management of OLG Cybersecurity Governance, Risk, and Compliance, including risk assessments, policy management, verification of compliance, conducting governance activities for OLG, managed service providers, and cloud solution providers, as well as supporting internal, external and regulatory audit activities.
YOUR ROLE IN THE GAME
Reporting to the Director, Cybersecurity Governance, Risk and Compliance, you will be empowered to:
- Lead or participate in the design and development of policies and practices to ensure that OLG’s cybersecurity practices follow federal, provincial, regulatory, and internal requirements. Ensure practices are published, understood, and adhered to by OLG employees
- Manage the maintenance of security policies, procedures, and standards that enable the cybersecurity governance roadmaps to exceed security and privacy expectations
- Deliver metrics on compliance with cybersecurity policies focused on the successful development of a cybersecurity culture
- Lead or participate in risk-related security activities, including identifying, evaluating, planning, testing, delivering, reporting and prioritizing to ensure appropriate remediation and mitigation measures are in place
- Maintain and manage the risk register of cybersecurity risks including ensuring risks are periodically reassessed and reevaluated against modern context in a fast-paced industry with a high volume of change
- Conduct risk evaluations to determine the impact, cost, and severity of risk to ensure risk is within risk tolerance and the appropriate risk measure is recommended to senior leadership
- Research and monitor emerging security regulations and trends to ensure compliance with industry regulations and standards, including regulations to keep up to date on market changes
- Oversee relationships with third-party service providers, vendors and operators for governance and oversight, and provide expert opinion and recommendations regarding cybersecurity controls to mitigate any risks
- Conduct and manage governance activities focused on ensuring third-party service providers provide sufficient assurance that operations are conducted in a manner commensurate with OLG risk tolerance and cybersecurity requirements
- Translate complex security use cases, concepts and governance standards into scenarios and language that everyone at OLG can relate to and understand
- Develop program compliance metrics and a prioritization framework and guidelines to ensure OLG is following and aligned to standardized monitoring and reporting practices
- Contribute expert opinion to the definition of major security compliance related incidents to ensure they are raised with the required stakeholders and a resolution is put in place
- Oversee the development of security compliance and audit management framework to manage, track and report on technology and security related audit activities and remedial action plans for all business lines to ensure that OLG is meeting compliance requirements
- Monitor adherence to Technology and security audit requirements by reviewing all audit findings and engaging required parties for corrective action
- Liaise with various Technology Departments, business representatives and internal and external audit firms and manage commitment to internal and external auditors.
- Promote continuous improvement of the program through regular self-assessment activities, development and enhancement of tools and processes and feedback gathered from key stakeholders to ensure security programs and initiatives remain current and pertinent to OLG.
- Other duties as required to maintain a robust and responsive Cybersecurity GRC program.
What You Need To Play
Work Experience: Minimum three (3) years’ experience in Technology or related function. Minimum of one (1) year experience in the development and delivery of enterprise cybersecurity governance, risk & compliance.
Education: Post-secondary degree, preferably in an information systems discipline, or an equivalent combination of education, training and experience. Certification in Security (CISSP), Certified Ethical Hacker (CEH), Risk Management (CRISC) &/or Certified Information Security Manager (CISM) and/or other security certifications.
Primary knowledge around: Technology Governance, Risk, and Compliance. Information Security Audits. Information Security Technologies
Secondary knowledge around: Information Security Architecture. Information Security Service Management. Information Security Administration. Information Assurance & Protection. Data Privacy. Computer Forensics & Investigation Methodologies. Digital Forensic Tools & Practices. Penetration Testing. Vulnerabilities Assessment. Firewall Management. Computer, Network and Internet Security. Security Incident Response
Negotiation and Influence: ability to negotiate and influence effectively while being open to perspectives and maintaining strong relationships
Strategic Thinker: strong strategic and critical thinker with ability to delve into unique challenges and find creative solutions
Collaboration & Fun: inclusive and collaborative work style while creating fun and excitement in our work
Integrity and Trust: do what's right and operate with transparency and openness
Licenses, Registrations, Certificates
AGCO Category 2 Gaming Assistant Registration (Initiated at offer stage - employment is conditional upon obtaining and maintaining this license)
PERKS OF JOINING OUR TEAM
- Part of a Bigger Picture: socially responsible company that gives back all its profits to the province and people of Ontario
- Flexible Work Environment: to help balance both work and life
- You Matter: family friendly work practices and hybrid work
- Freedom to Innovate: supports new and better ways to be successful
- Be your Authentic Self: environment that values diversity as a source of strength
- Learning Galore: 24-7 access to robust online learning programs
- Public Service Pension Plan: participate in a major defined benefit pension plan sponsored by the Government of Ontario
- Variable Pay Program: performance-based incentives to share in our success (Permanent OLG Employees Only)
Learn about OLG – GAME ON!
OLG’s purpose is to contribute to a better Ontario by delivering great entertainment experiences for our customers. We are a multi-billion-dollar organization with a wide array of business lines including lottery, land-based casinos, digital lottery and casino, horseracing, and charitable gaming. OLG is amidst a massive transformation focusing on being customer obsessed and bringing our digital business to a whole new level.
The key to our success is our people. Our culture will be grounded in true, positive partnerships that embrace trust, clarity, and openness in all that we do. We are supporting and empowering employees and teams across the organization through greater accountability, leadership development and growth opportunities. OLG is embracing more flexible work options and family friendly work practices including hybrid work.
Equity, diversity, and inclusion are essential elements of our culture and cornerstones of the Five Truths that OLGers Live by. At OLG, our employees have the space to be themselves and use their perspectives and skills to benefit the people and the Province of Ontario.
While we are re-shaping and growing our business, we are unwavering when it comes to living our purpose, and ensuring our business delivers meaningful benefits for the people of Ontario. OLG’s net profits are reinvested back into the province, contributing to the quality of life for Ontarians.
To learn more about OLG go to our website at www.olg.ca
We look forward to hearing from you. Interested applicants, please apply online by September 6, 2024.
OLG is an equal opportunity employer. We are committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. Please contact Human Resources at careers@olg.ca if you require accommodation at any time throughout the hire process.
We thank you for your interest in this opportunity; however only those individuals selected for an interview will be contacted.
Personal information is collected by the Ontario Lottery & Gaming Corporation (OLG) and/or its third party service provider(s) under the authority of the Ontario Lottery and Gaming Corporation Act, 1999, SO 1999, c 12, Sch L and the Employment Standards Act, 2000, S.O. 2000, c. 41 (as amended) and will be used for the purpose of determining qualifications for employment with OLG and for recruitment modernization initiatives. The information will be managed in accordance with all applicable laws, OLG’s Protection of Privacy Policy (the Policy) and related policies and procedures. For any questions about this collection, please contact careers@olg.ca, 800-70 Foster Drive, Sault Ste. Marie, ON, P6A 6V2.