GRC Expert

We’re looking for a Governance, Risk, and Compliance (GRC) expert to help shape and lead both our internal and customers’ GRC strategies. In this role, you'll be responsible for developing and maintaining information security policies, managing risk processes, and ensuring compliance with standards such as ISO 27001, SOC 2, and relevant privacy regulations.

As part of your responsibilities, and beyond handling regulatory frameworks, you will also act as CISO as a Service for our customers, guiding them through security best practices, risk assessments, and compliance efforts, while serving as their trusted security advisor.

This is a great opportunity to apply your Information Security expertise in a high-growth, fast-paced environment, where you’ll have real impact across multiple organizations.

Key Responsibilities:

GRC Program Leadership: Drive and significantly influence the company's GRC program.

Process and Policy Management: Design, maintain, and own GRC-related processes, policies, procedures, and guidelines.

Risk Management:

• Lead ongoing risk management activities.
• Conduct risk assessments on systems, processes, vendors and maintain a security maturity program.
• Ensure remediation plans are implemented and carried out.
  
  

• Oversee security compliance efforts, including ISO-27001, SOC2, and CSA-STAR certifications.
• Lead our security compliance operations, including ISO-27001, SOC2 and CSA-STAR.
  
  

• Execute and maintain the information security audit plan.
• Efficiently operate and leverage GRC tools for risk management, supplier security assessments, and privacy.
  
  

• Communicate risk methodologies to business units and R&D.
• Support sales teams in responding to customer and prospect questionnaires.
  
  

• Become a main stakeholder in privacy and internal audit processes along with the compliance team.
• Support and work with other information security functions (SecOps, AppSec, etc.)
  
  

• Information security and privacy regulations and standards such as ISO-27xxx, SOC2, CSA-STAR and privacy laws.
• Risk assessment and management methodologies/frameworks.
  
  

• Leading major risk assessment projects and activities.
• Responding to customer security assessments and questionnaires (RFI, RFP, DPA).
• Building awareness programs, including evaluating effectiveness and improvements.
• Assessing existing security controls and defining new controls and solutions
  
  

• Strong oral and written communication and presentation skills.
• Excellent technical communication and ability to partner and collaborate with multiple departments and stakeholders in the organization.
• Excellent business-level English proficiency (written and verbal).
  
  

• Knowledge and hands-on experience in assessment automation tools.
• Knowledge and hands-on experience in suppliers/vendors assessment tools.
• Formal cybersecurity and GRC certification (e.g., CISSP, CISM, CRISC, CISA, CIPM).
• Knowledge and experience in compliance activities for MRC and SOX.