Governance, Risk and Compliance Specialist

**Meet the Smart Safety Company**

At Safe Fleet our name says it all. We make fleet vehicles - and everyone in and around them - safer. Our fleet safety platform brings together best-in-class products, ground-breaking technology, and a 100-year history of fleet know-how and innovation to solve the world’s biggest fleet safety problems.

Our core value is safety. Without safety first, efficiency and productivity are not possible. This is true for our products, our culture, and our relationship with our community. Our vision is to reduce preventable deaths and injuries in and around fleet vehicles with a goal of ZERO accidents.

We are re-defining what safety means for fleets of every type - from school buses to waste collection trucks, firefighting to utility vehicles, police cruisers to delivery vans.

Whether you work in our Charlotte plant to build life-saving stop arms for school buses, or design advanced camera vision products in our Vancouver office, forge valves and high-quality nozzles to fight fires, or dream up new ways to protect fleet operators in our Corporate HQ in Kansas City, you’ll contribute to our goal to keep everyone safe.

We are a fast-growing manufacturing, service, and technology company with over 1700 employees in over 15 locations across Canada and the US. We’re looking for motivated self-starters with innovative thinking to join our team and help us achieve our growth and performance goals. Sound like you?

**Job Summary**

****

As a Governance, Risk and Compliance Specialist, you will play a pivotal role in helping the organization maintain secure systems and processes while adhering to regulations and industry standards. Your expertise will be instrumental in conducting security assessments, developing and implementing policies, and ensuring compliance with relevant laws and regulations.

**Responsibilities**
- Support and assist the GRC Manager in conducting external audits, including but not limited to SOC 2 Type 2 and ISO27001 assurance engagements.
- Responsible for the examination and analysis of internal controls and business risks by performing IT audit work, developing audit scope, performing audit procedures, assessing potential gaps, designing remediation plans, and preparing audit reports.
- Conduct period threat and risk assessment, security and privacy reviews and ad hoc compliance-specific reviews.
- Plan, monitor and conduct testing of the current controls stack
- Report on the results of these assessments, assist in designing the remediation plans for potential gaps.
- Identify additional opportunities for businesses to enhance their information security and privacy posture.
- Deliver security risk management engagements supported by leading practices like ISO 27001, SOC 2, NIST 800-53, CCPA for data privacy, and relevant risk management frameworks.
- Support management in engagement planning and management processes.
- Create, implement, and maintain the information security policies and procedures. Ensure alignment with organizational goals and industry best practices such as ISO27001.
- Collaborate with stakeholders to ensure policies are effectively updated, communicated and adhered to across the organization.
- Assist in preparing reports for senior management and department heads.
- Work with various teams and management from HR, IT, Legal and Engineering departments to align security initiatives with business objectives.

**Salary**:$75,000 - $85,000/yr

At Safefleet, we are an equal opportunity employer that is committed to creating a diverse and inclusive workplace where everyone is valued and respected. We embrace diversity and do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other legally protected status. We promote fair and equitable hiring practices and foster a culture of inclusivity and respect. Our core values of integrity, innovation, teamwork, customer focus, and safety guide our efforts to provide a workplace where all employees can thrive and reach their full potential.

**Requirements**:

- Experience with SOC 2 & ISO 27001 or relevant frameworks is a MUST. Exposure with GovRAMP, TxRAMP or CJIS is good to have.
- Exposure to privacy compliance as per CCPA is good to have.
- Experience with GRC tools such as AuditSource or Drata is good to have.
- Deep understanding of information security principles and best practices.
- Knowledge of relevant regulations and compliance frameworks.
- Certifications (e.g., CISA, CISM, CISSP) are good to have.
- Bachelor’s degree in a related field of Information technology/Auditing or demonstrated experience in this field.