Toronto, ON, CA
3 days ago
Senior Manager, Security GRC & Engineering

Reports to: Chief Information Security Officer
Schedule: Monday-Friday
Additional Requirements: N/A
Number of Positions: 1
Start Date: ASAP
Internal Application Deadline: May 14, 2025

LifeLabs operates under a hybrid workforce model. Further details will be provided during the interview stage.

This vacancy is for an existing position.


Purpose of the Role

The Sr. Manager, Security GRC & Engineering will be an integral member and leader within the LifeLabs Cybersecurity team, responsible for overseeing strategic initiatives. LifeLabs requires a ‘fit for purpose’ GRC program, with methodologies and toolkits that allow the organization to easily identify, assess, manage, and report risks in a way that brings value to LifeLabs, and that also delivers new product and security capabilities and controls directly focused on risk mitigation. This role will also focus on advancing the security posture of our systems and infrastructure, and will directly impact security across the entire LifeLabs ecosystem.


Core responsibilities include creating and leading projects that enhance the organization’s governance program and security engineering capabilities, participating in the management of the organization’s technical risks, and overseeing the organization’s compliance with industry regulations. As a pivotal member of the Cybersecurity team, this individual will work closely with the CISO as well as major stakeholders across the firm to discuss and build a better understanding of large-scale Cybersecurity issues.


Your responsibilities will include:

Assist the CISO in creating long-term security strategies, as well as roadmaps for various governance models
Oversee information security policies and ensure that they meet both internal and external requirements of the industry
Identify information security issues/risks and design mitigation methods to appropriately handle them
Leverage technology to streamline the process of managing GRC across the enterprise
Partner with other teams across the organization to discuss pertinent GRC issues
Develop new policies and risk reports that are based on frameworks specified by the firm
Keep up with ongoing trends and changes within the GRC community, and make sure that LifeLabs is up to date with the latest relevant methods and practices
Work with management and executives to develop the business case and define the GRC strategic vision, objectives, roadmap, milestones and financial plans/budget
Develop and oversee the GRC program methodology, policies, procedures and toolkits required
Work collaboratively with business units and/or function heads/leaders to develop, update and/or align their policies, procedures, enterprise taxonomies, and other necessary data sets
Participate in and lead meetings with business stakeholders to understand operational business processes and identify areas of opportunity and/or improvement through GRC transformation
Capture and translate business requirements (operational, monitoring and reporting) into technical and functional requirements
Plan, prepare and review deliverables in various forms, including written reports, presentations and meeting discussions with both internal and external parties
Lead a team of security engineers
Develop risk-based mitigation strategies for infrastructure, platforms, operating systems, and applications
Partner with internal customers such as infrastructure, IAM, operations and governance teams to build tooling and technology that optimize continuous deployment, monitoring and secure baseline assessment technologies
Lead the Engineering Team on relevant security practices as needed (specific to findings)
Develop strategy & roadmaps targeted at improving the security posture at LifeLabs
Manage execution & delivery of roadmap items
Embed standard security processes into the release-to-production workflow
Manage and oversee continuous improvement of security controls and technologies
Oversee and own accountability for all security project deliveries
Communicate with executives to obtain their buy-in, sponsorship and sustained support
Liaise and work collaboratively with business/functional heads to ensure successful and sustainable program delivery
Establish and maintain relationships with T&O and external technology vendors, and system integrators

What you bring to the role:

Bachelor’s degree or Diploma in IT, Business Technology Management, or any related technical field
7+ years of experience working with IT Governance, Risk and Controls, or in the engineering field
One or more relevant security certifications (CISA, CISSP, CPA, CISM, CRISC)
The candidate’s IT industry certifications (e.g. CompTIA) will also be taken into consideration
Implemented an ISO 27001 program
Achieved ISO 27001 certification for an organization
Developed or worked in a security service-oriented framework/program
Strong experience working with and managing a control objectives framework
Experience in leading or managing large, complex transformation and capacity-building projects
Strong experience in governance, audit, risk, compliance, cyber, and policy management
SME in drafting policies, procedures and RACI matrices
Experience managing compliance with policies
Experience with GRC/IRM technology solutions such as RSA Archer, ServiceNow, MetricStream, Refinitiv, OpenPages, etc.
Strong knowledge of project management and technology implementation methodologies and lifecycles
Professional security management certifications are highly preferred (e.g. CISSP, CRISC)
Extensive knowledge of GRC and GRC best practices
Ability to process and understand complex information relevant to cyber security initiatives
Ability to multi-task between projects
Understanding of the NIST and ISO frameworks as well as other associated cyber security standards