CygniSoft Inc.

Risk/Compliance Specialist – Senior (Contract)

RQ01891 - Risk/Compliance Specialist - Senior

Client: Ontario Cannabis Retail Corporation

Work Location: Toronto

Hours per day or Week: 7.25 hours per day

Employment Type: Contract

Description

We’re looking for a Governance, Risk, & Compliance (GRC) Consultant to support our Information Technology Team. The GRC Consultant will be responsible for managing, assessing, and documenting OCS’s governance, compliance and risk posture as they relate to our information assets as well as providing technical and information security expertise to ensure effective system-wide security analysis, standards, and testing. This role will lead the development and implementation of the system-wide risk management function of the GRC program to ensure information risks are identified and monitored.

The GRC Consultant will partner with stakeholders to develop policies, procedures, standards, and guidelines around Governance, Risk, and Compliance and conduct risk assessments as needed. The GRC Consultant will assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for OCS’s information and technology systems. Additionally, the GRC Consultant will manage the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and relevant regulations.

Must Haves:

  • Certifications in one or more of the following areas: CISSP, CISA, CRISC, CISM, GRCP, CGRC, GIAC

  • 7+ years of progressive work experience in GRC (preferred) or Information Security including cloud, vulnerability assessments/remediation, security operations, and security architecture

  • Expert knowledge of GRC areas, including staying on top of new trends/exposures/risks

  • ISO 27001, NIST and related industry standards/frameworks

  • 3+ years of GRC experience in a cloud environment

Experience and Skill Set Requirements

Education/Knowledge Requirements: 20%

  • Bachelor’s Degree or higher in Information Security, Computer Science, Information Technology, Engineering or equivalent work experience

  • Certifications in one or more of the following areas: CISSP, CISA, CRISC, CISM, GRCP, CGRC, GIAC

  • Knowledgeable of CIS, ISO 27001, COBIT, NIST and related industry standards/frameworks

  • Intermediate knowledge of Threat Risk Assessment (TRA) design and delivery

Experience Requirements: 30%

  • 7+ years of progressive work experience in GRC (preferred) or Information Security including cloud, vulnerability assessments/remediation, security operations, and security architecture

  • 1+ years of experience implementing and/or using ServiceNow’s GRC module

  • 2+ years of experience designing a GRC framework

  • 1+ year Project Management experience

  • 3+ years of GRC experience in a cloud environment

  • Experience working in regulated industries preferred

Technical Requirements: 40%

  • Demonstrated ability to lead risk assessment for OCS projects, systems, processes and vendors

  • Expert knowledge of GRC areas, including staying on top of new trends/exposures/risks, and demonstrated ability to use this expertise to guide the business on how to minimize risks and increase our security

  • Experience creating GRC roadmap and managing the process in alignment with corporate strategy

Communication Requirements: 10%

  • Demonstrated ability to work in a collaborative, teamwork, and professional environment

  • Excellent written and verbal communication skills

  • Demonstrated relationship building skills