Findings and Remediation specialist handling audit/compliance findings in Cyber Governance & Compliance team. Collaborating with IT, Finance, and auditors to improve control maturity.
Responsibilities
Own and operate the enterprise findings and remediation program across all IT (intake, triage, assignment, due dates, status cadence, evidence validation, and closure)
Establish and enforce a consistent remediation methodology (root cause analysis, corrective action design, milestones, risks/dependencies, and closure criteria)
Lead cross-functional remediation governance (weekly/bi-weekly operating cadence), including escalations and executive-ready reporting
Ensure remediation plans are realistic and control-effective (fix the control, not just the symptom) and coordinate validation readiness for re-testing
Maintain a single, accurate view of compliance commitments and progress (52-109-related gaps, internal audit/external audit findings, self-assessment results, management action plans)
Track and report key program metrics (aging, overdue, theme analysis, repeat findings, control failure trends) and propose targeted improvement initiatives
Partner with IT control owners to improve operational discipline (ticket quality, evidence retention, SOP adherence) and reduce friction during audits
Contribute to continuous improvement of standards, templates, and tooling to make remediation work repeatable and scalable (and reduce manual effort)
Be a key element in our Automation and AI implementation plan.
Requirements
University degree in information systems, business, cybersecurity, or any combination of equivalent education and experience
Minimum 3 years of relevant experience in technology risk, audit remediation, IT compliance, or complex cross-functional program management
Demonstrated experience managing audit or compliance findings and driving remediation to closure in an IT environment
Solid understanding of IT processes and control concepts (access, change, operations, SDLC fundamentals) and familiarity with compliance frameworks/norms (e.g., 52-109; ISO 27001; familiarity with other industry norms such as SOX is an asset)
Strong stakeholder management skills with the ability to challenge constructively and drive accountability across multiple IT teams
Strong analytical skills and ability to synthesize complex status into clear, decision-ready reporting
Highly organized, detail-oriented, and comfortable working with deadlines, ambiguity, and changing priorities
For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
No Canadian work experience required; however, must be eligible to work in Canada.
Benefits
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Our pension offerings provide flexibility and long-term security for our employees beyond their careers.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.
Senior Product Security Consultant at CENSUS LABS evaluating software security and threats. Responsible for validating security compliance and reporting on risks in complex systems.
Container Security Consultant needed for 12 - month contract with enterprise bank in Toronto. Must have strong container security experience with OpenShift, Docker, Kubernetes.
Technical Program Manager managing security programs aligned with security strategy at Guidewire. Collaborating with various stakeholders to enhance security maturity and efficiency.
Senior IT Architect specialized in Security & Networking infrastructure technologies leading architecture development for technology projects. Collaborating with multiple teams to ensure alignment with strategic objectives.
Director of IT Security leading the cybersecurity strategy for a remote workforce at Directive Consulting. Responsible for risk management, incident response, and compliance initiatives.