HiringCafe
Posted 2mo ago

Security Governance, Risk and Compliance Specialist

@ Tecsys
View All Jobs
Montreal, Quebec, Canada
HybridFull Time
Responsibilities:Manage risk, Audit security, Monitor controls
Requirements Summary:Bachelor’s degree in information systems or equivalent; minimum 3 years hands-on experience; governance, risk and compliance, security controls, audits (SOC2/PCI DSS), cloud (AWS/Azure), Linux/Mac/Windows, networking, business continuity.
Technical Tools Mentioned:SOC2, PCI DSS, NIST, CIS, AWS, Azure, Linux, Windows, macOS, Networking
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. Our digital-first work environment, combined with our conveniently located offices and collaborative workspaces, provides our team with the freedom and flexibility to work in the most productive way for them.

About us

Tecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. We work with industry leaders to transform their supply chains through technology. If you thrive on tackling interesting challenges with continuous learning opportunities, then Tecsys could be a good fit for you!

About the Role

We are seeking a Security Governance, Risk and Compliance specialist who will be involved in defining how security can enable business initiatives, and how we should meet security best practices, as well as applicable various contractual and regulatory requirements. The successful candidate will be supporting the implementation of a security risk management framework. The GRC specialist’s role will also encompass the management of vendor risk and business continuity programs. As a security subject matter expert, you will recommend improvements to reduce, contain and mitigate identified risks, as well as partake in various business and security initiatives to improve Tecsys’s security maturity.

What you’ll do

  • Support continuous security risk management framework.
  • Collaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficiencies.
  • Collaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering.
  • Develop reporting metrics and dashboards.
  • Help identify cyber risks and solve various governance gaps and process inefficiencies.
  • Develop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMP
  • Review and optimize vendor risk management program.
  • Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issues.
  • Collaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvements
  • As security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practices
  • Support the development, review, update and optimization of security documentation.