Ensure security principals are aligned with FCT objectives and reducing cybersecurity threats and expenses that result from security design, while upholding the three pillars of the CIA Triad: Confidentiality, Integrity, and Accessibility. This role also requires contributing to the development of security policies, recommending methods to remain compliant with regulations or contracts, and anticipating potential security threats. Work closely with cross-functional teams to assess security risks, define protection goals, and prioritize security initiatives. Play a key role in driving awareness and training programs across the organization to promote a security-conscious culture. Cybersecurity strategy contributes to the information security strategic roadmap by interfacing with core business functions and technology teams to identify required future state security capabilities, working with internal information security teams to secure the threat landscape, and considering strategic risks identified by the organization.

Independently perform risk-based security assessments of FCT third party vendorsArticulate security findings both technical and non-technical to a variety of stakeholdersProvide defensible recommendations/guidance on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefitsNegotiate acceptance of remediation plans and timelines based on level of risk associated with a findingReview corrective actions relating to security issues identified in a security assessmentAssist the CIO in performing and responding to internal IT Risk Assessment and Management activities. Develop necessary frameworks to meet requirements, identify gaps and work with FCT staff to develop solutions.Provide guidance and leadership in developing and managing key IT security control programs (PCI and SOC2) including; • Develop related policies and standard operating procedures• Develop and maintain effective mechanisms for the maintenance of documentation, controls and evidence• Maintain currency on the standards and awareness of industry trends• Provide consulting services to all stakeholders related to standards• Assist in the annual assessment of FCT controls, • Assist in the development, implementation and sustainability of a governance framework to foster compliance across the enterprise.

•Participate as a team member on key strategic projects impacting Financial Services and Canadian Tire Corp including Canadian Tire Retail, Part Source, Marks, FGL and Canadian Tire Petroleum as it relates to PCI compliance •Develop and communicate plans for assessments complete with timelines, approach, stakeholders and deliverables •Determine business requirements to enable the key initiative •Manage and facilitate issue resolution relating to PCI •Provide recommendations for process improvements•Manage PCI assessment and sustenance via established governance processes •Bridge the gap between business and IT ensuring common understanding and IT/Business alignment •Build stakeholder trust by understanding business concepts, issues, opportunities and language •Liaise with internal departments across all SBUs•Build cross functional relationships•Co-ordinate annual onsite assessment to include preparation and scheduling of scoping meeting, scheduling of information sessions for Canadian Tire employees in preparation of the assessment. Work with assessor to prepare interview schedule for onsite assessment. Create agenda, book work accommodations and request security access for assessor. Co-ordinate response to preliminary Report on Compliance (ROC).

Responsible for creating and organizing IT documentation for the C-SOX Internal audit• Evaluation of general computing controls and ensuring that the appropriate general computing controls are in place and working effectively throughout the organization.• Alignment of the CTFS C-SOX (Bill 198) CEO CFO Certification framework with the Canadian Tire Corporation risk management methodology.• Governance and Compliance Audit reviews of the IT processes and general computing controls based on the regulatory legislation requirements of (IFRS, C-SOX) CEO CFO Certification, (PCI DSS) Payment Card Industry Data Security Standards, (OSFI) Office of Superintendent of Financial Institutions Canada (PIPEDA) Personal Information Protection, Electronic Documents Act and INTERAC regulations and ISO 17799/27001 standards.• Responsible for regulatory requirements, effectiveness Audit testing, documentation, quarterly attestation and annual certification.• Validated compliance with corporate security policies.• Provided recommendations to management to correct control weaknesses identified by internal/external auditors and follow-up on outstanding audit findings.• Project and special request Security Risk Assessments• Vendor Risk Assessments 5970 SAS70 Audit report reviews and Contract Agreement/Statement of Work review and Security Incident response process• Provided effective project communication between the various clients, functional business units to ensure consistency and clarity of information• Responsible for the primary auditor of key management system• Maintain inventory of risks related to IT identified during audits, or project assessments and report monthly to management• Responsible for enterprise security awareness program• Responsible for coordinating yearly Ethical Hack and Penetration Testing

Responsible for the installation, configuration, ongoing monitoring and maintenance of CTFS security toolkit. A suite of products, which include Firewall, Virtual Private Networks (VPN), Intrusion Detection System (IDS) and Secure Access Control Server, Wireless Detection System and Active Directory LDAP, set by certification.• Responsible for assigning access details to machines, modify access rights and manage the system lifecycle• Plan and implement network security, including building firewalls, applying cryptography to network applications, managing host security, file permissions and disaster recovery plans, file system integrity, and adding and deleting users• Upgrade, patch, maintain, capacity plan, research and development• Work with outsourcing partnership• Implement appropriate system management disciplines and performance reporting• Create Standard Operating Directives for security devices• Monitor the environment and provide proactive problem recommendation, and resolution• Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties• Identify utilization patterns and their effect on operation/system availability and performance expectations• Anticipate communication and networking problems and implement preventive measures• Ensure timely user notification of maintenance requirements and effects on system availability• Investigate, recommend and install enhancements and operating procedures that optimize network availability.• Maintain confidentiality with regard to the information being processed, stored or accessed by the network• Document network problems and resolutions for future reference• Responsible for providing support in the key management solution• Investigate and resolve security incident issues• 3rd level and after hours support

Responsible for client server evaluation and design and redesign including capacity planning and tuning as it relates to windows server and desktop environments• Window server and desktop environment• Responsible installation, configuration, testing and implementation of windows hardware and software new or upgrade as well as software patches and fixes.• Selection, evaluation and recommendation of hardware and software including performance monitoring tools• Define and recommend hardware and software standards including best practices for windows server and desktop administration functions• Project management responsibilities• Participate in yearly disaster recovery planning and testing• Participated in the conversion of Windows 95/NT systems to Windows 2000 desktop and server• Provided 3rd level and after hours support for Windows systems• Administer network workstations, utilizing one or more TCP/IP or non-TCP/IP networking protocols Evaluate and/or recommend purchases of computers, network hardware, peripheral equipment, and software level and after hours support for Windows systems• Investigate user problems, identify their source, determine possible solutions, test and implement solutions.