Job Location | ON
Education | Not Mentioned |
Salary | $55-60 / Hourly |
Industry | Not Mentioned |
Functional Area | Not Mentioned |
Job Type | Contract |
Job Summary: This senior-level Risk/Compliance Specialist role requires a minimum of seven years of experience in information security, with a focus on leading security and vendor risk assessments, developing mitigation strategies, and implementing cybersecurity governance frameworks. The position involves collaborating with cross-functional teams, interpreting policies and standards, providing advice to management and executives, and ensuring compliance with industry regulations and standards. Strong communication, analytical, and problem-solving skills are essential.

Location: Ontario, Canada

Responsibilities:
- Lead security and vendor risk assessments, identifying risks and gaps, and developing mitigation strategies for third-party vendors.
- Conduct detailed assessments of third-party vendors' security domains, communicate findings, and prepare regular reports and updates to management and stakeholders.
- Develop and implement cybersecurity governance frameworks, policies, and procedures in collaboration with cross-functional teams.
- Provide support for audit, compliance, and regulatory requests.
- Collaborate with internal teams and vendors to develop cybersecurity requirements for new solutions, ensuring alignment with security policies and standards.
- Work with project teams to recommend and implement security controls to address identified risks.
- Identify requirements for policies and standards, and work with relevant teams in creation, development, review, and approval.
- Act as a cybersecurity resource for new and upcoming project-based detail work.
- Ongoing compliance work related to regulatory requirements and/or compliance to specified standards.
- Develop security processes, procedures, governance artifacts, and security controls within Cybersecurity Risk Management and Governance/Compliance Programs.
- Assist with security audits and threat/risk assessments.
- Provide advice, risk assessment, recommendations, and technical assistance in implementing security controls for projects.
- Communicate regularly with cybersecurity teams, internal stakeholders, and project teams.
- Support the implementation of security principles, policies, and standards.
- Coordinate and perform risk assessments against a wide variety of inputs.
- Analyze data from various sources to identify remediation of risks.
- Interpret policies, legislation, and standards to adequately provide advice for management and executives.

Required Skills & Certifications:
- Minimum seven (7+) years of experience in information security, including working with large security projects.
- Strong communication, interpersonal, and presentation skills.
- Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes.
- Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout the procurement lifecycle.
- Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including the leadership team.
- Proficiency in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, Audit Board).
- Experience with the development of security processes, procedures, and standards documentation.
- Strong knowledge of industry standards and regulations such as PCI-DSS, NIST, ISO 27001, and the ability to ensure compliance.
- Strong time management skills and the ability to prioritize project work and ongoing responsibilities.
- Self-motivation and the ability to work independently in a fast-paced environment.
- Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, PowerBI, and Visio.
- Current security designation (CISSP, CISM, CCSP, or CISA).

Preferred Skills & Certifications:
- Public Sector Experience

Special Considerations:
- Hybrid work schedule: 2 days in the office/3 days remote.

Scheduling:
- Hybrid schedule (2 days in office, 3 days remote). Specific scheduling details may be discussed further during the interview process.