Security Governance, Risk and Compliance Specialist

Security Governance, Risk and Compliance SpecialistHaving recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. Our digital-first work environment, combined with our conveniently located offices and collaborative workspaces, provides our team with the freedom and flexibility to work in the most productive way for them.About UsTecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. We work with industry leaders to transform their supply chains through technology. If you thrive on tackling interesting challenges with continuous learning opportunities, then Tecsys could be a good fit for youAbout The RoleWe are seeking a Security Governance, Risk and Compliance Specialist who will be involved in defining how security can enable business initiatives, and how we should meet security best practices, as well as applicable various contractual and regulatory requirements. The successful candidate will be supporting the implementation of a security risk management framework. The GRC specialist's role will also encompass the management of vendor risk and business continuity programs. As a security subject matter expert, you will recommend improvements to reduce, contain and mitigate identified risks, as well as partake in various business and security initiatives to improve Tecsys's security maturity.What You'll DoSupport continuous security risk management frameworkCollaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficienciesCollaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering.Develop reporting metrics and dashboardsHelp identify cyber risks and solve various governance gaps and process inefficienciesDevelop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMPReview and optimize vendor risk management programMonitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issuesCollaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvementsAs security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practicesSupport the development, review, update and optimization of security documentationRequirementsFormal Education & CertificationBachelor's degree in information systems or equivalent experienceMinimum 3 years of cumulated hands-on experienceKnowledge & ExperienceExperience in the development and implementation of governance, risk and compliance strategy and security control frameworkExperience in risk assessments and cyber risk management methodology/processesBroad knowledge of defense in depth security concepts and best practices through practical experienceGood knowledge of cybersecurity frameworks such as NIST, CIS, PCI DSSFamiliarity with business continuity process and planningFamiliarity with IP networking fundamentals and internet protocolsFamiliarity with Linux, Mac, and Windows operating systems, mobile devices, and the IT application landscapeFamiliarity with public cloud Infrastructure-as-a-Service (IaaS) environments and Software-as-a-Service (SaaS) solutions.Personal AttributesAbility to work with minimal supervisionStrong ability to define problems, collect and analyze data, establish facts and draw valid conclusions.Positive attitude and agile mindsetMotivated, team, and customer orientedNot afraid to failExcellent interpersonal skills.Ability to plan and deliver on commitmentStrong proficiency in both written and verbal English communication essential for effective correspondence with clients, suppliers, business partners, and colleagues beyond the province of Quebec.We understand that experience comes in many forms and that careers are not always linear. If you don't meet every requirement in this posting, we still encourage you to apply.At Tecsys, we are committed to fostering a diverse and inclusive workplace where all employees feel valued, respected, and empowered. We believe that diversity drives innovation and strengthens our ability to deliver exceptional solutions. We welcome and encourage applicants from all backgrounds, experiences, and perspectives to join our team.Tecsys is an equal opportunity employer. Accommodation is available for applicants selected for an interview.NB: if you are applying to this position, you must be a Canadian Citizen or a Permanent Resident of Canada, OR, have a valid Canadian work permit.Seniority levelAssociateEmployment typeFull-timeJob functionInformation TechnologyNon-profit Organizations and Primary and Secondary Education #J-18808-Ljbffr