IT Security & Compliance Manager
Here at TJX Canada, we strive our hardest to make sure that, every day, our customers are able to find the latest and greatest designer brand names for less than they’d pay elsewhere. When they walk through the doors of our stores, whether it’s a Winners, HomeSense, or Marshalls, savvy shoppers know they’ll experience the “Thrill of the Find,” which, if you’re curious, feels like a slight breeze blowing over the surface of your skin—not a bad feeling, if we do say so ourselves.
But you’re not here to feel the breeze. You’re here to see if working with TJX Canada is right for you. To help with your decision, we’d like to introduce you to someone who once faced the same choice you have to make.
Silas is an IT Security & Compliance Manager. He’s responsible for managing TJX information security functions, which includes IT security and compliance activities across multiple locations, including stores, Home Office, Distribution Centers, and Regional Offices. He’s also responsible for overseeing the execution of all corporate security standards. It’s serious work, but he seems to enjoy the challenge.
Of course, Silas is serious about matters of security. But he’s also a gifted showman. He can present highly complex technical details as if he were explaining how to bake a cake. He’s gifted. That’s for sure.
This is Silas. He is definitely one of us.
If you do decide to apply for this position, and we agree that this is the right job for you, you’ll be supported by a plethora of internal programs whose only focus is the continued progress of your career. At TJX Canada, we do everything we can to help you achieve your full potential. But we can’t do it all ourselves. You’ll need to bring the ambition, the motivation, and the drive.
So what do you think? Like Silas, are you one of us?
Now, if you were to come on board as one of our IT Security & Compliance Managers, we’d ask you to do the following:
- Directly manage security and compliance teams and all related activities.
- Provide subject-matter expertise on Sarbanes-Oxley (SOX) and Payment Card Standards compliance for all areas of the business.
- Provide leadership in the coordination of the remediation of all SOX, PCI and audit deficiencies.
- Support the activities of the corporate information technology security functions as required.
- Work with internal and external auditors and contracted vendors related to compliance activities and projects.
- Provide regular updates to management on all compliance and IT security initiatives.
- Develop procedures and carry out periodic reviews to verify levels of compliance and ensure all deficiencies are remediated.
- Identify, report and resolve IT security violations.
- Partner with counterparts at TJX Companies in the USA to ensure that information security policy and procedures are kept up to date and are adhered to at all times.
- Ensure that all IT security administration standards are maintained as stated in the TJX security policies, privacy policies, and all government mandates.
- Participate in development and testing initiatives to ensure TJX project managers and project teams are complying with security rules.
- Provide security-related guidance and training to other IT and business associates.
Sounds rather challenging and exciting, right? Let’s hope so, because if it sounds easy or boring, there’s a good chance this job isn’t for you. But if it does sound right for you, here’s why we know you’ll be able to handle those challenges:
- You have a computer science degree (or equivalent training) with at least 5 years of experience in complex technology environments.
- You have experience guiding projects and teams while managing the IT controls around SOX, PCI, and ITIL; any experience with ISO policy framework and COBIT controls as well as PMI and CISSP certifications would be considered assets.
- You have experience in assessing and implementing IT controls required by Sarbanes-Oxley or PCI requirements.
- You have strong knowledge across multiple computer security concepts, including: identity and access management, application security, incident management and compliance.
- You have experience testing security as part of key IT projects and project implementation phases.
- You have a proven record of effective communication with management, internal auditors and external auditors.
- You have the ability to communicate and present technical security details to a wide range of audiences.
We know some of that might sound a little daunting, but if we’re going to meet and exceed our promises to our customers, we have to be committed to hiring the best person for the job.