Security Governance, Risk and Compliance specialist at Tecsys managing risk frameworks and vendor relations. Develops security strategies and collaborates across teams to improve security maturity.
Responsibilities
Support continuous security risk management framework.
Collaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficiencies.
Collaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering.
Develop reporting metrics and dashboards.
Help identify cyber risks and solve various governance gaps and process inefficiencies.
Develop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMP.
Review and optimize vendor risk management program.
Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issues.
Collaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvements.
As security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practices.
Support the development, review, update and optimization of security documentation.
Requirements
Bachelor’s degree in information systems or equivalent experience
Minimum 3 years of cumulated hands-on experience
Experience in the development and implementation of governance, risk and compliance strategy and security control framework.
Experience in risk assessments and cyber risk management methodology/processes.
Broad knowledge of defense in depth security concepts and best practices through practical experience.
Proven experience conducting security audits such as SOC2 or PCI DSS.
Experience with cybersecurity frameworks such as NIST, CIS.
Good knowledge of business continuity process and planning.
Familiarity with IP networking fundamentals and internet protocols.
Familiarity with Linux, Mac, and Windows operating systems, mobile devices, and the IT application landscape.
Proven experience with governing the security of public cloud platforms such as AWS and Azure.
Ability to work with minimal supervision.
Strong ability to define problems, collect and analyze data, establish facts and draw valid conclusions.
Positive attitude and agile mindset.
Motivated, team, and customer oriented.
Not afraid to fail.
Excellent interpersonal skills.
Ability to plan and deliver on commitment.
Strong proficiency in both written and verbal English communication essential for effective correspondence with clients, suppliers, business partners, and colleagues beyond the province of Quebec.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.