Risk and Compliance Specialist Job at vTech Solution, Ontario, CA

  • vTech Solution
  • Ontario, CA

Job Description

Job Summary:


This senior-level Risk/Compliance Specialist role requires a minimum of seven years of experience in information security, with a focus on leading security and vendor risk assessments, developing mitigation strategies, and implementing cybersecurity governance frameworks. The position involves collaborating with cross-functional teams, interpreting policies and standards, providing advice to management and executives, and ensuring compliance with industry regulations and standards. Strong communication, analytical, and problem-solving skills are essential.

Location: Ontario, Canada

Responsibilities:

- Lead security and vendor risk assessments, identifying risks and gaps, and developing mitigation strategies for third-party vendors.
- Conduct detailed assessments of third-party vendors' security domains, communicate findings, and prepare regular reports and updates to management and stakeholders.
- Develop and implement cybersecurity governance frameworks, policies, and procedures in collaboration with cross-functional teams.
- Provide support for audit, compliance, and regulatory requests.
- Collaborate with internal teams and vendors to develop cybersecurity requirements for new solutions, ensuring alignment with security policies and standards.
- Work with project teams to recommend and implement security controls to address identified risks.
- Identify requirements for policies and standards, and work with relevant teams in creation, development, review, and approval.
- Act as a cybersecurity resource for new and upcoming project-based detail work.
- Perform ongoing compliance work related to regulatory requirements and/or compliance with specified standards.
- Develop security processes, procedures, governance artifacts, and security controls within Cybersecurity Risk Management and Governance/Compliance Programs.
- Assist with security audits and threat/risk assessments.
- Provide advice, risk assessment, recommendations, and technical assistance in implementing security controls for projects.
- Communicate regularly with cybersecurity teams, internal stakeholders, and project teams.
- Support the implementation of security principles, policies, and standards.
- Coordinate and perform risk assessments against a wide variety of inputs.
- Analyze data from various sources to identify remediation of risks.
- Interpret policies, legislation, and standards to adequately provide advice for management and executives.


Required Skills & Certifications:

- Minimum seven (7+) years of experience in information security, including working with large security projects.
- Strong communication, interpersonal, and presentation skills.
- Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes.
- Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout the procurement lifecycle.
- Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including the leadership team.
- Proficiency in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, AuditBoard).
- Experience with the development of security processes, procedures, and standards documentation.
- Strong knowledge of industry standards and regulations such as PCI-DSS, NIST, ISO 27001, and the ability to ensure compliance.
- Strong time management skills and the ability to prioritize project work and ongoing responsibilities.
- Self-motivation and the ability to work independently in a fast-paced environment.
- Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, PowerBI, and Visio.
- Current security designation (CISSP, CISM, CCSP, or CISA).


Preferred Skills & Certifications:

- Public Sector Experience


Special Considerations:

- Hybrid work schedule: 2 days in the office/3 days remote.


Scheduling:

- Hybrid schedule (2 days in office, 3 days remote). Specific scheduling details may be discussed further during the interview process.

Job Tags

Remote job
