Information Security Specialist – Governance, Risk, and Compliance (GRC)

Alquemy
Contract
On-site
Toronto, Canada

Job Description

This role focuses on Governance, Risk, and Compliance (GRC), involving policy development, risk assessment, compliance audits, and alignment with industry standards and regulations.

Key Responsibilities:

  • Governance: Develop, update, and maintain security policies, standards, and procedures. Ensure alignment with frameworks like ISO 27001, NIST, and SOC 2. Report on security performance.
  • Risk Management: Conduct risk assessments (including PIA and TRA), apply mitigation methodologies, act as a subject matter expert, and maintain the risk register.
  • Compliance: Support internal and external audits against frameworks (NIST CSF/800-series, ISO 27001). Draft standards and ensure compliance with FIPPA and PHIPA. Participate in forensic audits.
  • Third-Party & Contract Oversight: Create and assess RFI/RFP documents and vendor agreements for security controls. Coordinate with internal and external teams for compliance.

Qualifications:

  • University degree in Computer Science, Engineering, or a related field.
  • Minimum 5–7 years of experience in information security, with a focus on GRC.
  • Experience drafting security policies and conducting risk assessments.
  • Familiarity with compliance frameworks and audit processes.
  • Strong understanding of data governance, risk management, and security methodologies.

Preferred:

  • Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer.
  • Excellent communication, documentation, and stakeholder engagement skills.