GRC Specialist

Miovision provides cities with modern tools to fix today's traffic problems. We offer solutions that collect multimodal traffic data and uncover actionable insights, helping municipalities get more out of their road network. The result: streets capable of moving more people – safely and efficiently – whether they are in a car, on a bus, on a bike or e-scooter, or walking. Since 2005, our systems have counted more than nine billion vehicles around the world. We are headquartered in Kitchener, Canada and have operations in Germany, Serbia and the United States. For more information, visit miovision.com.

Position Summary

The GRC Specialist is a key member of the Miovision Security team and is responsible for managing innovative governance, risk and compliance (GRC) practices to identify and mitigate security risks. This role is critical to help the company defend our critical information and systems, understand the company’s information security environment, and help take the appropriate measures to protect our business and platforms. This hands-on position will work closely with all teams across the company to ensure our GRC practices are defined, operated and maintained using leading security practices. Ultimately, this role will help make Miovision systems and data more secure.

Key Accountabilities

• Lead the implementation and continual improvement of the Miovision GRC program, and be the subject matter expert on compliance and risk management practices.
• Achieve and maintain compliance with frameworks relevant to Miovision operations and customers, such as ISO 27001, SOC 2, NIST CSF, and NIST SP 800-53.
• Lead internal adoption of security policies, procedures, standards and best practices to ensure secure business operations, including vendor assessments, threat and risk analyses, and internal audits.
• Lead internal security audits and coordinate with external security auditors to review Miovision IT and security processes, risks, controls, and compliance against selected frameworks to assess capability maturity and identify gaps in design and execution.
• Actively participate in and support the Miovision data governance program.
• Proactively communicate updates, metrics, issues and recommendations to stakeholders and senior management.
• Assist with establishing a coordinated response to complex cyber-attacks that threaten the company’s information and assets.
• Actively participate in security operations, including software updates, patching, and incident response, and be a security subject matter expert to assist others across the organization, as needed.

Skills/Qualifications

• Working knowledge of and experience with industry compliance and risk management frameworks, including ISO/IEC 27001, SOC 2, NIST CSF, and NIST SP 800-53.
• Hands-on experience in managing an effective GRC program or related compliance projects, including championing the activities, performing assessments and internal audits, and writing clear documentation (policies, procedures, reports, etc.).
• Demonstrated analytical and pragmatic approach to cybersecurity, compliance and risk.
• Proven ability to collaborate and affect change, with a focus on performance excellence and continuous improvement.
• Excellent written and verbal communication skills, including the ability to communicate effectively across an organization.
• 2+ years of experience in compliance or risk management roles.
• 3+ years of experience in cybersecurity roles.

Additional Assets

• Passion for security and learning.
• Certified Information Systems Security Professional (CISSP); Certified in Governance, Risk and Compliance (CGRC); Certified in Risk & Information Systems Control (CRISC) or similar certification.

Perks and Benefits

Note: We do offer flexible onsite and remote work options. Our Benefits are designed to reflect this and include:

• Comprehensive health benefits starting on day one
• RRSP Matching Plan
• Variable Incentive Plan
• Mio-Days: We extend all three-day weekends to four-days and provide a Holiday Shutdown in December
• Virtual Healthcare Service providing employees and their families access to healthcare providers 24/7
• Internet subsidy and a remote work allowance
• Enhanced paternity and maternity leaves
• Unlimited vacation policy
• Wellness offerings (Fitness, Mindfulness)