Cyber Governance, Risk and Compliance specialist

LeverageTek is actively seeking a Governance Risk and Compliance Specialist (GRC) – Technology and Enterprise Risk for a permanent position with its Ottawa-based customer.


Hybrid preferred (1x/week onsite) or Remote (ON/QC)


Deliver new security program capabilities by leading IT security, GRC, and cloud technology projects; scope of projects may include IT selection and procurement, development of detailed project, resource, and communications plans, coordination with both IT and organizational change management, and providing task direction to other senior project team members
Deliver daily operations for IT security risk and compliance management programs and associated governance frameworks, including but not limited to:
Complete IT security risk assessments and associated reporting
Perform GRC monitoring, reporting, and policy enforcement by making maximum effective use of automated available from Azure, Microsoft 365, and associated tools
Perform supply chain security assessments across IT products, SaaS and hosted services, and other 3rd party support services partners to ensure security controls are appropriate for business needs and the sensitivity of data involved
Develop and maintain reporting of key measures and metrics for IT security risk, prepare monthly, quarterly, and annual risk reporting artifacts, and support presentation of relevant material to management and executive stakeholders
Develop, implement, and maintain effective monitoring of external and internal cybersecurity threat context and impacts to risk posture
Conduct assessments of security posture, control implementation maturity, and conformance to security policies, standards, and guidelines – including coordination of 3rd party assessments and security penetration testing
Prepare reports, policies, standards, and other documentation of a high standard regarding cyber security guidance and/or requirements
Provide business impact context assessment and guidance related to IT resiliency for service continuity and disaster recovery
Participate in security incident responses as a member of the incident response team and support post-event root cause and risk analysis, providing recommendations towards continuous improvement and risk reduction
Develop security policies and operational procedures, including for cybersecurity incident response processes and playbooks, security configuration management, security in system development lifecycle, etc.
Provide IT security, risk, and compliance advisory support:
Within Technology Solutions to ensure security needs are addressed for all IT domains and to support the integration and continuous improvement of IT security risk and compliance management into IT architecture, engineering, software, system integration, and system development lifecycle processes
To the enterprise, including for domains of vendor and supply-chain security, project threat risk assessments, and operational risk inputs to enterprise risk management
Provide high quality and customer-focused support to both IT and user/stakeholder clients by responding to requests and assignments in a timely, respectful, constructive, and responsive manner
Recent experience in a Governance Risk and Compliance role supporting Enterprise Risk with a focus on Technology and IT Security
Experience with Microsoft Purview supporting Enterprise-wide initiatives related to data protection (data loss and data leakage)
Experience in a GRC capacity leading the Technology and IT Security risk function while also working very closely with other business stakeholders such as HR, Legal, Finance, Procurement, Vendor Management, Supply Chain etc.


University degree in the field of Computer Science, Information Technology, or in a related discipline
~2+ years of experience in security program implementation
~ Delivering security and technology projects involving the implementation and deployment of new capabilities, transition of services to production operations, and successful adoption by users
~ Developing effective IT security policy, standard, and guideline documentation
~ Developing governance frameworks and associated documentation for IT security risk management or compliance programs
~ Preparing risk, compliance, and/or security program reporting for senior management and/or Board stakeholders
~ Assessing current state compliance against selected IT security and control frameworks, standards, or audit charter objectives
~ Conducting security maturity and gap assessments against a desired target control posture state
~ Conducting IT security threat and risk assessments (TRA) and preparing formal TRA reporting documentation
~ Selecting, applying, and assessing security control implementation for:
~ Azure infrastructure services including virtual machines, network security groups, and network zoning
~ Azure native services, such as backup, encryption, and monitoring
~ Microsoft 365 services
~ On premise network infrastructures, including boundary protections, monitoring, and network zoning
~ Portable and mobile computing devices, including Windows and Mac laptops, and mobile iOS platforms
~ Implementing, monitoring, and reporting from Azure and M365 portals and tools, such as Security Center, for supporting compliance, vulnerability management, and security score posture optimization
~ Ability to lead complex IT and security implementation projects involving organization-wide rollout and that rely on successful adoption by key stakeholders and/or large user audiences
~ Ability to deliver daily operational tasks that must be prioritized effectively around competing project and incident response demands
~ Ability to successfully deliver a broad program of responsibilities and projects according to a multi-year implementation roadmap
~ Expertise with Azure and Microsoft 365 security and compliance capabilities for control implementation and current state reporting of posture and compliance
~ General knowledge of networking and IT security concepts and technologies
~ Results oriented with excellent time and project management skills
~ Strong ability to handle multiple concurrent and time-sensitive priorities, able to own and guide projects from beginning to end
~ creative, innovative, and collaborative out of the box thinker
~ Assets
Prior experience with Microsoft Purview, Microsoft Information Protection, or Azure Information Protection
Developing Disaster Recovery and IT resiliency preparedness, including conducting business impact assessments, developing business and/or service continuity plans, and developing or exercising disaster recovery plans
Security operations and event investigations, security incident response, network or web application penetration testing, or digital forensics
Applying IT security and compliance concepts to Google Cloud Platform (GCP) environments.
Integrating IT security, compliance, and operations capabilities across multiple public cloud tenants


Since our company’s inception in March 2003, LeverageTek IT Solutions has worked resolutely to become one of the industry’s most recognized and trusted suppliers of technology staffing and business consulting services. With hundreds of successful engagements to our credit with many of Canada’s leading public and private sector organizations, we are the experts in identifying, deploying, and supporting IT and business talent on a contract, contract-to-hire, and permanent basis. We work with customers across all sectors including academia, aerospace, aviation, finance, government, health care, high tech, military, not-for-profit, and more.


Accessibility accommodations are available upon request.