RQ01891 - Risk/Compliance Specialist - Senior
Client: Ontario Cannabis Retail Corporation
Work Location: Toronto
Hours per day or Week: 7.25 hours per day
Employment Type: Contract
Description
We’re looking for a Governance, Risk, & Compliance (GRC) Consultant to support our Information Technology Team. The GRC Consultant will be responsible for managing, assessing, and documenting OCS’s governance, compliance and risk posture as they relate to our information assets as well as providing technical and information security expertise to ensure effective system-wide security analysis, standards, and testing. This role will lead the development and implementation of the system-wide risk management function of the GRC program to ensure information risks are identified and monitored.
The GRC Consultant will partner with stakeholders to develop policies, procedures, standards, and guidelines around Governance, Risk, and Compliance and conduct risk assessments as needed. The GRC Consultant will assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for OCS’s information and technology systems. Additionally, the GRC Consultant will manage the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and relevant regulations.
Must Haves:
Certifications in one or more of the following areas: CISSP, CISA, CRISC, CISM, GRCP, CGRC, GIAC
7+ years of progressive work experience in GRC (preferred) or Information Security including cloud, vulnerability assessments/remediation, security operations, and security architecture
Expert knowledge of GRC areas, including staying on top of new trends, exposures and risks.
ISO 27001, NIST and related industry standards/frameworks
3+ years of GRC experience in a cloud environment
Experience and Skill Set Requirements
Education/Knowledge Requirements: 20%
Bachelor’s Degree or higher in Information Security, Computer Science, Information Technology, Engineering or equivalent work experience
Certifications in one or more of the following areas: CISSP, CISA, CRISC, CISM, GRCP, CGRC, GIAC
Knowledgeable of CIS, ISO 27001, COBIT, NIST and related industry standards/frameworks
Intermediate knowledge of Threat Risk Assessment (TRA) design and delivery
Experience Requirements: 30%
7+ years of progressive work experience in GRC (preferred) or Information Security including cloud, vulnerability assessments/remediation, security operations, and security architecture
1+ years of experience implementing and/or using ServiceNow’s GRC module
2+ years of experience designing a GRC framework
1+ years of Project Management experience
3+ years of GRC experience in a cloud environment
Experience working in regulated industries preferred
Technical Requirements: 40%
Demonstrated ability to lead risk assessment for OCS projects, systems, processes and vendors
Expert knowledge of GRC areas, including staying on top of new trends, exposures and risks. Demonstrated ability to use this expertise to guide the business on how to minimize risks and increase our security.
Experience creating a GRC roadmap and managing the process in alignment with corporate strategy
Communication Requirements: 10%
Demonstrated ability to work in a collaborative, team-oriented, and professional environment
Excellent written and verbal communication skills
Demonstrated relationship building skills