Job Description

JOIN OUR TEAM



Metro Supply Chain is a strategic supply chain solutions partner to some of the world's fastest growing and most reputable organizations. For 50 years, it has excelled at tailoring integrated, data-driven solutions, fueled by advanced systems and technology, that fulfill complex and challenging distribution needs. Managing 19 million square feet operating out of more than 175 sites across North America and Europe with a team of 9,000, it is one of Canada's largest privately owned supply chain solutions companies. Metro Supply Chain is a 2024 winner of the Canada's Best Managed Companies program, recognized for its strategic expertise, culture of innovation and commitment to its people and local communities.



SUMMARY

The Senior Cyber Security Analyst - Governance, Risk, and Compliance (GRC) is responsible for establishing, implementing, and maintaining a firm-wide information security governance program designed to help ensure the Security program and it's supporting capabilities and processes are effectively protecting information and system assets. This position is responsible for proactively identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Periodic assessments are expected to be performed to validate that Information Security controls are appropriate and operating effectively.



Responsibilities & Deliverables

Governance

Develops, implements, and administers firm-wide Security Policies and Standards with alignment to industry best practices such as NIST and ISO. Creates and maintains operational and executive summary Security KRIs/KPIs for committee and board level reporting. Provides reporting on the status of the information security program to senior business and technical leaders. Managing the security metrics program which includes coordinating the collection of security metric data, tracking and reporting metrics and developing and refining new security metrics. Develops and enhances an information security control assessment framework based on appropriate information security industry standards to measure the efficiency and effectiveness of the program controls. Manages the organization's Data Governance Lifecycle (discover, remediation, asset registry, data flow mapping). Reviews security requirements and questionnaires from existing and potential customers.

Compliance Management

Works with Audit and External consultants as appropriate on required security assessments and audits. Performs security and compliance assessments on new and existing systems, processes, and technology. Performs periodic gap assessments to validate compliance on an ongoing basis. Develops methodologies to audit, benchmark and report compliance status. Stays up to date and informed on developing regulatory concerns and changing IT and information security trends.

Risk Management

Facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings. Provides leadership, direction, and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies. Supports the organization's vendor management processes by performing Vendor/3rd-Party Risk Assessments. Communicating and reporting status and audit findings on key information security metrics to peers and management and all other relevant individuals and groups.

Training and Awareness

Creates and manages targeted information security awareness and education program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of the program.

Qualifications and Required Experience

Minimum 5 years of information security experience in any combination of risk management, information security or information technology leadership. 3 - 5 years participation and experience across various compliance, regulatory and common industry security policy areas (NIST; ISO; GDPR; SOX; etc.). Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection. Excellent communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management. Excellent organization/project planning, time management, and change management skills across multiple functional groups and departments. CISSP, CRISC, CISA, CISM or other relevant certifications are preferred.

Why Join Us

Work in an environment where safety is our first priority The opportunity to build a career with a growing company Medical, dental, and vision coverage for you and your family Life and disability insurance Wellness programs to support your family's well-being A Retirement Savings Program with a company match Company team wear allowance Employee Appreciation Day Company sponsored social events Community volunteering

We are an equal opportunity employer committed to building and fostering a diverse workplace where people feel included and valued. We encourage applications from all qualified individuals.

Should you require accommodation for a special ability or need during the recruitment process, please reach out to a member of our Human Resources Team.