GRC Specialist

Summary

Responsibilities

• Develop, implement, and maintain comprehensive GRC frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, COBIT, PCI DSS, GDPR, PIPEDA, etc.)
• Conduct regular risk assessments to identify, evaluate, and prioritize information security risks. Develop and monitor risk mitigation strategies and controls
• Perform vendor risk assessments, evaluating the security posture of third-party service providers and ensuring their compliance with our security standards and contractual obligations
• Lead and support internal and external audits, ensuring timely and accurate responses to auditor requests and findings
• Monitor changes in regulatory landscapes and industry standards, assessing their impact on the organization and recommending necessary adjustments to policies and controls
• Collaborate with various departments (IT, Legal, Operations, HR) to embed GRC principles into business processes and foster a culture of compliance
• Manage and track compliance activities, including the remediation of identified gaps and vulnerabilities
• Prepare and present GRC reports and metrics to the Information Security Manager and other stakeholders, providing insights into the organization's risk and compliance status
• Stay up-to-date with emerging threats, vulnerabilities, and cybersecurity trends
  

Skills And Qualifications Required

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field
• 3-5 years of experience in a dedicated GRC, information security, or IT audit role
• Solid understanding of cybersecurity frameworks and standards such as ISO 27001, NIST CSF, COBIT, ITIL
• Familiarity with privacy regulations relevant to Canada (e.g., PIPEDA) and global regulations (e.g., GDPR) if applicable to the business
• Proven experience in conducting risk assessments and developing risk mitigation strategies
• Experience performing vendor risk assessments
• Strong analytical, problem-solving, and decision-making skills
• Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to non-technical audiences
• Ability to work independently and collaboratively in a fast-paced environment
• Proficiency in both English and French is highly desirable
• Preferred Qualifications:
• Relevant industry certifications such as CISA, CISM, CRISC, CISSP
• Knowledge of cloud security principles and compliance requirements (e.g., AWS, Azure, GCP)