The Opportunity:We're looking for an experienced Security GRC Specialist to join our growing Security GRC team.
Reporting to the Director of Security Governance, Risk & Compliance (GRC), the Security GRC Specialist will be responsible to govern the risk management lifecycle, including monitoring findings remediation, assurance programs and reporting appropriate metrics to the senior leadership.
Who you are:- Service - You put your clients' needs first. You advocate service excellence, and work to deliver client-centric solutions, and proactively develop strategic partnerships that allow Aviso to become a trusted advisor and partner
- Execution - You are committed to achieving your goals and to succeed. This includes focusing on "getting things done", as well as recognizing and taking advantage of opportunities as they arise. You are consistently looking for ways to improve your personal best and see value in continuous improvement. You take accountability for your actions and learn from mistakes
- Collaboration - You work collaboratively with others with the common goal of driving positive results. Making meaningful contributions to your team to achieve organizational goals is a priority. You proactively encourage collaboration, build trust and inclusion, and work to establish effective relationships both inside and outside of the organization
What your day looks like:Risk Management
- Conduct risk assessments of IT infrastructure, applications, third parties, and critical processes to identify, assess and report on technology and cybersecurity risks
- Track and Manage mitigation plans and ensure timely resolution
- Support the development and maintenance of cybersecurity risk register KPI monitoring and reporting
Governance
- Assist in development, review and maintenance of Technology & Cybersecurity Policies, Standards, and procedures
- Ensure alignment of internal policies with industry frameworks (NIST, ISO, COBIT) •
- Support audits and board level reporting including preparing key metrics
Assurance
- Monitor compliance with external regulatory and internal control requirements
- Support internal and external audits • Conduct periodic control testing including design and operating effectiveness
Third Party Risk
- Support vendor risk assessments, including reviewing response to questionnaire
GRC Tools •
- Maintain and enhance governance process through GRC tools (e.g., Archer, ServiceNow GRC, Resolver etc.)
- Support reporting, dashboard creation and automation of risk and compliance processes
RequirementsYour experience and skills:- Bachelor's Degree in Information Security, Computer Science, Business, Risk Management or a related field
- Relevant certifications such as CRISC, CISA, CISSP are an asset
- 5-8 years of experience in IT risk, cybersecurity risk, audit, compliance or equivalent roles
- Working knowledge of IT governance frameworks and standards (e.g., NIST CSF, ISO 27001, ITIL)
- Familiarity with regulatory and compliance requirements
- Experience with GRC platforms and tools
- Ability to work in a fast-paced environment and stay updated on emerging threats and vulnerabilities
- Proactiveness, natural curiosity, a willingness to learn, adaptability in an evolving environment, and a strong problem-solving mindset
- Ability to work across multiple business units and collaborate across teams
- Fluent communication skills in English are required and bilingual skills in French are an asset
BenefitsWhy Aviso?At Aviso, you will find a dynamic and inclusive culture that rewards innovation and celebrates success.
Here are a few things that set us apart:
- Competitive compensation package that rewards and recognizes individual contributions
- Excellent health, dental and insurance benefits to meet the diverse needs of our employees
- Generous vacation time, fitness benefit, parental leave top-up options
- Matching contributions to our retirement program
- Commitment to the continuous improvement of our staff through learning & development and an education assistance program
- Regular social events to foster teamwork
SalaryThis position is posted with an expected salary range of $105000 - $125,000 CAD annually. Individual compensation packages are based on various factors unique to each candidate and the requirements of the position.
