Sr. Compliance And Risk Specialist for Canadian Bank Note Company Limited in Ottawa Ontario Canada (salary not disclosed)
What Will You Do?
As a CBN Senior Compliance and Risk Specialist you will have a central role in developing and delivering compliance and risk programs as necessitated by the organization.
- Understand the risk/compliance gaps in our global systems, articulate a vision and work across teams to get us there
- Be the key player responsible for spearheading initiatives to identify, investigate and improve security risks within CBN Operations Global Infrastructure.
- Conduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions and develop plans for remediation.
- Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada / US and Global security requirements.
- Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale. Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled and the associated notification process.
- Take an active role in educating customers, executives, stakeholders, infrastructure personnel and developers on best practices for security
You will work interdependently with cross organizational teams to plan and complete compliance audits; develop audit reports, create, and maintain risk frameworks and present findings and actions to senior leadership. With your background you will be able to effectively provide guidance to our organizations allowing them to develop and mature their controls aligned to relevant compliance frameworks. You will also be accountable for maintaining and updating registers, tracking findings for stakeholders, and reviewing risks with appropriate leaders. You will be accountable for leading and scheduling compliance assessments and audits and preparing/collecting/reviewing documentation and evidence when necessary. You will be responsible for the maintenance and active in the approval of applicable policies and required documents. To support our program, you will have extensive in applicable compliance frameworks and aptitude to comprehend alignment of controls between frameworks.
As part of our Cyber Security team, you may also be called upon to assist in investigating security events and participate in relevant IT security projects as necessitated by the organization. Your relevant IT experience will help facilitate your flexibility within the role. We need you to be interested, focused and current in today’s compliance and risk landscape enabling you to provide guidance to CBN Leadership on priorities and programs. As an incentive, you can count on our teams support as you grow. At CBN we pride ourselves in creating and actioning our staff’s ongoing development plans.
What Will Help You Succeed?
We are looking for an individual with extensive experience in IT auditing, savvy in the reality of today’s business pressures and able to provide guidance that is practical in the context of CBN’s operational maturity. You will draw on your extensive real world industry experience which will facilitate your ongoing success. We will support and expect you to stay current on your accreditations and may request further certifications as our business develops.
- Bachelor’s degree or college diploma in Information Systems, Computer Science, or related field is an asset.
- 8 + years of experience directly in a relevant Compliance, auditing and/or risk role
- 3+ years of experience in a cyber and/or corporate security organization.
- 3+ years of experience in developing and delivering compliance assessments, creating, and presenting reports to executives and handling external auditors
- Certification and expert level experience in one or more of the following compliance frameworks or disciplines; ISO27001-2013, PCI-DSS V3.0+, SOC2 (level I and II), FedRamp, StateRamp, Applicable ITSGC’s, CSA, Privacy.
- SANS, ISACA or GIAC certification is preferred.
- Demonstrable experience developing, reviewing, and delivering risk assessments,
- Experience in working with Unified Compliance Frameworks and GRC tools,
- Experience in industry recognized threat and risk management methodologies,
- Experience with Azure / AWS Compliance highly desired
- Ability to communicate current Cybersecurity Risks to Senior Management
- Extended experience succeeding in various multi-dimensional enterprise organizations,
- Excellent communication skills and ability to work independently and as a part of a high, performing team,
- Knows how to manage work/life balance
- The ability to obtain and maintain Government of Canada Secret (Level II) clearance.
For more info.:https://theucf.info/YCT3RO