Cyber Governance Specialist – Assurance
- Great opportunity to join a global organization at the forefront of mining
- An excellent work environment where people are valued and respected
- Role Based in Montreal, Quebec
About the role
We are looking for a Cyber Governance Specialist – Assurance to provide expertise in the implementation and improvement of Cyber Security’s standards and compliance framework, in line with Cyber's mission to protect Rio Tinto’s Information, Digital Assets and Industrial Control Systems.
As part of a specialist Cyber Governance and Compliance team, this role will have a compliance focus and primarily provide practical expertise in the ongoing implementation of a control framework which serves as a basis for compliance assessment against Cyber's standards and compliance framework. It will require active engagement across Rio Tinto IS&T and Business teams, service partners, and assurance stakeholders, both internal and external. Reporting to the Manager Cyber Security Compliance Assessments, you will:
- Establish and maintain effective relationships with key stakeholders, leaders and team members within the North America and European regions (AMER/EMEA) specifically and across the broader organisation, including local and extended Cyber teams, IS&T teams (Operations, Delivery Hubs, Canadian Hub in particular), Risk AoE Business Partners, Group Internal Audit, and Business Functions / Operations Leaders.
- Undertake a lead role within the region as the Single Point of Contact for technology risk and assurance domains.
Risk and Assurance - Reviews
- Lead the execution of risk and assurance reviews within the North America and European regions (AMER/EMEA), with the objective of measuring risk and control effectiveness against applicable frameworks and standards such as the IS&T Controls Framework (COBIT based), the Cyber Security Framework (NIST based) and Cyber Technical Standards. This includes:
- collaboration with Cyber teams taking into consideration past security risk assessments and compliance assessments
- collaboration with functions such as HR, Legal, etc., to take into consideration legal and regulatory requirements.
- Proactively drive identification of potential solutions to remediate gaps identified from assurance reviews working closely with control owners.
- Support risk and assurance activities in other regions as necessary.
Risk and Assurance - Management
- Lead the maturity and improvement of risk culture and practice, supporting first line management in applying effective risk practices and generating appropriate risk behaviours, including maintenance of risk registers, controls and actions (maintained in Archer).
- Monitor key risks and control data and assist in the data collection, coordination and trend reporting of IS&T risk activities.
- Contribute to the continuous improvement of the IS&T Controls Framework and Risk Management Framework.
- Re-define risk registers and attend risk reviews as part of role development.
Seeking an experienced technology risk professional to support the effective oversight and monitoring of IT Risk across Rio Tinto. The role forms a part of the 2nd Line Risk and Assurance team and provides subject matter expertise covering a full spectrum of Technology risks (including but not limited to system continuity, information and cyber security, IT project, IT operations, and third-party risk management).
To be successfully considered for this role, you will have:
- Post-secondary education or bachelor’s degree, in business, management, compliance or audit or IT Management or related degree
- Minimum 5 years’ experience as an IT Business Analyst or in an IT governance & compliance role for a large enterprise, or equivalent professional services experience
- Ability to work unsupervised with high personal standards and integrity, and in a highly deadline driven environment
- Bilingual is an asset
- Experience within a Technology Risk management/compliance function and technology controls programs and risk domains, Project Management, e.g. Change Management, SDLC, data protection practices, risk assessment frameworks, etc.
- Knowledge in areas of Information Security, Operational Risk and IT governance
- Ability to manage multiple priorities/projects simultaneously, including the ability to manage relationships with internal stakeholders and resolve challenging issues
- Excellent problem-solving skills with the ability to proactively identify issues and solutions
- Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or Certified Governance of Enterprise IT (CGEIT) is desirable
Where you will be working
Rio Tinto Information Systems and Technology (IS&T) operates to enable better alignment with customer priorities, end-to-end accountability and flexibility to prioritize critical work. The function provides solutions that are aligned with current and future business requirements through the development and ongoing delivery of IT strategy and solution roadmaps. Through appropriate governance, consultative processes, and the use of industry best practices, IS&T also ensures that emerging technologies and innovative ideas are constantly evaluated, considered, and adopted, to provide easy-to-use, best-in-class solutions and services.
As pioneers in mining and metals, we produce materials essential to human progress.
Our long history is filled with firsts. We’ve developed some of the world’s largest and best quality mines and operations, and our people work in around 35 countries across six continents. Aluminum and copper, diamonds, gold and industrial minerals, iron ore, coal and uranium: our materials make up the world around us. You’ll find them in smartphones, planes, cars, hospitals and throughout your home.
Creating an inclusive and diverse workforce
We are a diverse team of talented, enthusiastic individuals who foster a culture of inclusion. No matter how they may differ, our people share one thing in common. It’s a belief that work is more rewarding when we are accepted and valued for our differences, not judged by them. We all have something to contribute, and it’s this contribution that makes for a great organization and fulfilling career.
Apply today if you want to work with the latest technology and innovation, in an environment where we challenge you to drive positive change.
Please note, in order to be successfully considered for this role you must complete all pre-screening questions.