YOUR CONTRIBUTION WILL MAKE A POSITIVE IMPACTAs a Security, Risk and Audit Advisor, you are a seasoned professional with solid and recognized expertise across various areas of information security. Your primary responsibilities include contributing to the implementation and continuous improvement of GIRO's security program and advising internal teams on information security best practices.
Reporting directly to the Director, Governance, Compliance and Risk Management, your role is divided into two components:
Governance, Risk and Compliance (GRC) - Implementing and Enhancing the Security Program- Identify and maintain security controls based on risks and contractual and regulatory requirements.
- Evolve security policies, procedures, guidelines, and other documentation to accurately reflect our security processes.
- Plan and participate in annual internal and external security audits and work closely with auditors to maintain security certifications.
- Monitor and follow up on the risk treatment plan.
- Support the Director in developing the security roadmap and in delivering security-related projects.
Advisory Role - Supporting Internal Teams (e.g., software development, client project management, and client delivery teams)- Perform and continuously evolve security risk and threat assessments (TRA).
- Identify security measures required at each stage of the SDLC and support teams in the design, implementation, awareness, and documentation of their internal controls.
- Support teams in the design, implementation, awareness, and documentation of their internal controls.
SKILLS AND QUALIFICATIONS THAT WILL MAKE YOU A KEY PILLAR OF OUR TEAM- At least 10 years of experience in a GRC security advisory role.
- University degree in a relevant discipline.
- Holds a CISA, CISM, CRISC, or CISSP certification, or equivalent.
- Strong knowledge of ISO 27001, ISO 27701, and SOC 2 standards.
- Knowledge of ISO 42001 (asset).
- Knowledge of security frameworks such as NIST CSF, NIST SSDF, and OWASP DSOMM.
- Strong knowledge of secure software development practices (SDLC, OWASP, DevSecOps).
- Experience using GRC tools (e.g., AuditBoard, BitSight, KnowBe4, or similar).
- Advanced experience using MS Office tools (Excel, PowerPoint, Word, Azure DevOps, Teams).
- Bilingual, spoken and written French (mandatory) and English (the position requires proficiency in English due to occasional interactions with English-speaking employees, clients, and suppliers).
READY TO HELP SHAPE THE FUTURE WITH US?Apply today and connect with our Talent Acquisition team. We look forward to meeting you!
