Job description
About the role:
The IT GRC Lead will be responsible for leading several existing governance, risk and compliance initiatives while also ensuring that internal systems comply with security standards. The IT GRC Lead is responsible for meeting security and compliance requirements on time and for tracking and remediating control deficiencies and information security risks.
Responsibilities:
Develop and maintain IT policies, procedures, and standards to ensure compliance with regulatory requirements and industry best practices
Lead internal and external compliance/audit projects to timely completion across multiple security and compliance frameworks (e.g. SOC 2, PCI, ISO, NIST, GDPR, CIS, COSO, HITRUST, PIPEDA and FISMA) and manage the roadmap of corresponding mitigating controls.
Map requirements from multiple frameworks onto the information security control framework to identify gaps, develop mitigation plans and execute them on schedule.
Manage third-party risk for critical vendors and ensure completion of internal risk assessments
Manage expectations from critical stakeholders around security policy/risk management
Support sales teams in the completion of RFPs and client or vendor security questionnaires
Manage client contractual obligations around security and compliance
Lead periodic gap assessments to validate compliance on an ongoing basis to ensure that proper controls are in place and risks are appropriately mitigated
Collaborate with cross-functional teams to monitor and remediate control deficiencies against established deliverables and timelines
Provide guidance and training to IT teams on GRC best practices and standards.
Keep abreast of developments in IT risk management and compliance trends and recommend improvements to the organization's GRC program.
Requirements:
Relevant education and certifications in audit, information assurance, corporate governance and/or risk management (preferred)
7+ years of progressive experience in the IT risk, security, compliance, or audit field
Minimum 5+ years of experience conducting security control assessments and audits for on-premises and cloud platforms (SOC 2, PCI, ISO)
Knowledge of risk and security controls for cloud platforms (GCP, AWS, Azure) highly desired
At least one industry certification (e.g. CISA, CISM, CRISC, CISSP) highly desired
Strong analytical and critical-thinking skills
High level of attention to detail; a self-starter with the ability to work independently, multi-task and adjust to shifting priorities
Ability to work under pressure and meet tight deadlines
Ability to communicate issues to technical and business representatives, in both written and verbal forms
Demonstrated ability to handle resistance effectively and win concessions without damaging relationships
Experience with GRC tools
Bilingual (French) an asset
What’s in it for you:
Private medical and life insurance from day one.
Employee Stock Purchase Plan (ESPP)
Budget for professional growth (certifications)
Schedule flexibility.
Extra bonus based on performance.