Alimentation Couche-Tard (Circle K) seeks a driven, dynamic Global Head of Cybersecurity Risk and Compliance to help build and lead a comprehensive cybersecurity risk management program and team.
Reporting to the Global Chief Information Security Officer and VP Global Infrastructure, you will help to mature and maintain a global and enterprise-wide cybersecurity risk management and compliance program, collaborating with the cybersecurity operations team, functional areas, and operations stakeholders to drive initiatives in an exciting, fast-paced environment.
As a strategic advisor, you will guide and manage Circle K's capabilities to help manage Circle K's cybersecurity risk and help enable compliance with industry standards, laws, and regulations.
Responsibilities :
Develop and mature a global and enterprise-wide cybersecurity risk and compliance strategy that aligns with organizational priorities, business objectives, regulatory requirements, and evolving risks, threats, and vulnerabilities.
Grow and lead a highly skilled team managing and supporting cybersecurity risk and compliance, risk assessment, reporting (internal and Board), metrics, cybersecurity policy, security awareness, and 3rd party risk management while overseeing the day-to-day relationships and activities.
Manage, monitor, and mature a risk and threat-based information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information owned, controlled, and processed by the company.
Manage and mature enterprise-wide compliance, risk assessment, reporting, and cybersecurity policies; enterprise-wide 3rd party cybersecurity risk management program;
and information security training and awareness program.
Oversee information security audits and provide consistent responses to external information security questionnaires.
Partner with business units and IT risk management team to ensure that risk management processes and security standards are understood and consistently applied across the company.
Partner with the cybersecurity operations team in areas that include vulnerability management, threat intelligence, incident management, security architecture, advisory, and customer / workforce identity and access management.
Evaluate security controls and opportunities for improvement and communicate recommendations.
Maintain a high degree of knowledge of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance.
Qualifications :
At least 15 years of experience with 10 years of cybersecurity experience
Strong ability to identify needs, take initiative, and prioritize work efforts, balancing operational tasks with longer-term strategic security efforts
Proven understanding of business focus and processes, and ability to inject governance into the business through teamwork and influence.
Ability to establish and maintain trust and rapport with the team and external constituents
Strong knowledge and understanding of information security management frameworks and various regulatory requirements such as SOC 2, NIST, SOX, CCPA, and GLBA.
Excellent project management, written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various levels, ranging from investors to engineers.
Demonstrated experience and success in senior leadership roles in risk management and information security.
Education & Certifications : Bachelor's or Master's degree; CISM, CISSP, and / or other industry certifications
LI-CQ1
Circle K is an Equal Opportunity Employer.
The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws. Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company.
Please inform the Company's Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.
Click below to review information about our company's use of the federal E-Verify program to check work eligibility :
In English
In Spanish