GRC Expert

We're looking for a Governance, Risk, and Compliance (GRC) expert to help shape and lead both our internal and customers' GRC strategies. In this role, you'll be responsible for developing and maintaining information security policies, managing risk processes, and ensuring compliance with standards such as ISO 27001, SOC 2, and relevant privacy regulations.

As part of your responsibilities, and beyond handling regulatory frameworks, you will also act as CISO as a Service for our customers, guiding them through security best practices, risk assessments, and compliance efforts, while serving as their trusted security advisor.

This is a great opportunity to apply your Information Security expertise in a high-growth, fast-paced environment, where you'll have real impact across multiple organizations.

Key Responsibilities:

GRC Program Leadership: Drive and significantly influence the company's GRC program.

Process and Policy Management: Design, maintain, and own GRC-related processes, policies, procedures, and guidelines.

Risk Management: 

• Lead ongoing risk management activities.
• Conduct risk assessments on systems, processes, vendors and maintain a security maturity program.
• Ensure remediation plans are implemented and carried out.

Compliance Operations:

• Oversee security compliance efforts, including ISO-27001, SOC2, and CSA-STAR certifications.
• Lead our security compliance operations, including ISO-27001, SOC2 and CSA-STAR.

Performance Monitoring: Develop, monitor, and maintain KPIs and OKRs for information security to ensure that controls are adequate and effective.

Security Awareness: Develop, deliver and maintain ongoing Information security & privacy awareness Program.

Audit and GRC Tools

• Execute and maintain the information security audit plan.
• Efficiently operate and leverage GRC tools for risk management, supplier security assessments, and privacy.

Communication & Support:

• Communicate risk methodologies to business units and R&D.
• Support sales teams in responding to customer and prospect questionnaires.

Collaboration: 

• Become a main stakeholder in privacy and internal audit processes along with the compliance team.
• Support and work with other information security functions (SecOps, AppSec, etc.)

Experience: 4+ years in information security, risk management, privacy, and compliance.

Knowledge:

• Information security and privacy regulations and standards such as ISO-27xxx, SOC2, CSA-STAR and privacy laws.
• Risk assessment and management methodologies/frameworks.

Proven Track Record:

• Leading major risk assessment projects and activities.
• Responding to customer security assessments and questionnaires (RFI, RFP, DPA).
• Building awareness programs, including evaluating effectiveness and improvements.
• Assessing existing security controls and defining new controls and solutions

Communication & Collaboration:

• Strong oral and written communication and presentation skills.
• Excellent technical communication and ability to partner and collaborate with multiple departments and stakeholders in the organization.
• Excellent business-level English proficiency (written and verbal).

Global Mindset: Experience working in a global environment.

• Knowledge and hands-on experience in assessment automation tools.
• Knowledge and hands-on experience in suppliers/vendors assessment tools.
• Formal cybersecurity and GRC certification (e.g., CISSP, CISM, CRISC, CISA, CIPM).
• Knowledge and experience in compliance activities for MRC and SOX.