Security GRC Specialist

Base pay range

CA$/yr - CA$/yr

We're looking for an experienced Security GRC Specialist to join our growing Security GRC team. Reporting to the Director of Security Governance, Risk & Compliance (GRC), the Security GRC Specialist will govern the risk management lifecycle, including monitoring findings remediation, assurance programs and reporting appropriate metrics to senior leadership.

• Service - You put your clients' needs first. You advocate service excellence, and work to deliver client-centric solutions, and proactively develop strategic partnerships that allow Aviso to become a trusted advisor and partner.
• Execution - You are committed to achieving your goals and to succeed. This includes focusing on "getting things done", and recognizing and taking advantage of opportunities as they arise. You are consistently looking for ways to improve your personal best and see value in continuous improvement. You take accountability for your actions and learn from mistakes.
• Collaboration - You work collaboratively with others with the common goal of driving positive results. Making meaningful contributions to your team to achieve organizational goals is a priority. You proactively encourage collaboration, build trust and inclusion, and work to establish effective relationships both inside and outside the organization.

• Conduct risk assessments of IT infrastructure, applications, third parties, and critical processes to identify, assess and report on technology and cybersecurity risks.
• Track and manage mitigation plans and ensure timely resolution.
• Support the development and maintenance of cybersecurity risk register KPI monitoring and reporting.

• Assist in development, review and maintenance of Technology & Cybersecurity Policies, Standards, and procedures.
• Ensure alignment of internal policies with industry frameworks (NIST, ISO, COBIT).
• Support audits and board level reporting including preparing key metrics.

• Monitor compliance with external regulatory and internal control requirements.
• Support internal and external audits.
• Conduct periodic control testing including design and operating effectiveness.

• Support vendor risk assessments, including reviewing response to questionnaire.

• Maintain and enhance governance process through GRC tools (e.g., Archer, Service Now GRC, Resolver etc.).
• Support reporting, dashboard creation and automation of risk and compliance processes.

• Bachelor's Degree in Information Security, Computer Science, Business, Risk Management or a related field.
• Relevant certifications such as CRISC, CISA, CISSP are an asset.
• 5-8 years of experience in IT risk, cybersecurity risk, audit, compliance or equivalent roles.
• Working knowledge of IT governance frameworks and standards (e.g., NIST CSF, ISO 27001, ITIL).
• Familiarity with regulatory and compliance requirements.
• Experience with GRC platforms and tools.
• Ability to work in a fast-paced environment and stay updated on emerging threats and vulnerabilities.
• Proactiveness, natural curiosity, a willingness to learn, adaptability in an evolving environment, and a strong problem-solving mindset.
• Ability to work across multiple business units and collaborate across teams.
• Fluent communication skills in English are required and bilingual skills in French are an asset.

• Competitive compensation package that rewards and recognizes individual contributions.
• Excellent health, dental and insurance benefits to meet the diverse needs of our employees.
• Generous vacation time, fitness benefit, parental leave top-up options.
• Matching contributions to our retirement program.
• Commitment to the continuous improvement of our staff through learning & development and an education assistance program.
• Regular social events to foster teamwork.

By submitting your application, you consent to the collection, use, and disclosure of your provided personal information for the purposes of assessing your qualifications and suitability for employment with Aviso. Your information will be handled in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial legislation. Your data may be shared with authorized personnel involved in the recruitment process and retained only as long as necessary to fulfill these purposes or as required by law.

Aviso welcomes and encourages applications from all qualified individuals including persons with disabilities. If you require an accommodation, we will work with you to meet your needs in all stages of the hiring process. We thank all applicants for their interest, however, only those selected for further consideration will be contacted. No recruiters or agencies, please.

Associate

Full-time

Information Technology

IT Services and IT Consulting