This role focuses on Governance, Risk, and Compliance (GRC), involving policy development, risk assessment, compliance audits, and alignment with industry standards and regulations.
Key Responsibilities:
Governance: Develop, update, and maintain security policies, standards, and procedures. Ensure alignment with frameworks like ISO 27001, NIST, and SOC 2. Report on security performance.
Risk Management: Conduct risk assessments (including PIA and TRA), apply mitigation methodologies, act as a subject matter expert, and maintain the risk register.
Compliance: Support internal and external audits against frameworks (NIST CSF/800-series, ISO 27001). Draft standards and ensure compliance with FIPPA and PHIPA. Participate in forensic audits.
Third-Party & Contract Oversight: Create and assess RFI/RFP documents and vendor agreements for security controls. Coordinate with internal and external teams for compliance.
Qualifications:
University degree in Computer Science, Engineering, or a related field.
Minimum 5–7 years of experience in information security, with a focus on GRC.
Experience drafting security policies and conducting risk assessments.
Familiarity with compliance frameworks and audit processes.
Strong understanding of data governance, risk management, and security methodologies.
Preferred:
Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer.
Excellent communication, documentation, and stakeholder engagement skills.