Risk and Compliance Specialist

CybercClan is seeking a Risk and Compliance Specialist to support the delivery of Risk Management Services (RMS), comprised of Cybersecurity Programs, Compliance Standards, Cybersecurity Frameworks, Cyber Risk Assessments, vCISO Services, Governance Risk & Compliance (GRC), Security Awareness and Training Education. Additionally, this individual will serve as a Subject Matter Expert (SME), mentor the team, and work with external clients. This position requires a motivated, fast learner.The candidate will be required to support the delivery of all security, risk, compliance-related activities for customer accounts. Maintain and oversee relationships for the delivery organizations providing security support. Provide in-house consultancy on information risk management matters and advise on implementing security controls on the accounts. Regularly, meet with the project manager and/or clients to review security status, review any risks, issues, reports, outstanding activities. This role will require security industry knowledge that evolves with current and emerging threats, risk and compliance frameworks, and an ongoing understanding of key business and technological processes. In addition, this role will assist in improving the risk management services process internal delivery capability and helping build an internal practice with a strong focus on delivery expectations and utilization.Essential FunctionsExecute cyber security threat, vulnerability, & gap assessments by recognizing all the critical assets & collaborating with the associated stakeholdersCertify the cyber resistance of the digital infrastructure from organizational awareness, tools, & technologies to human influencesDevelopment of all cyber security activities required for major infrastructure projects from requirements management, early feasibility phases, through design, test, & commissioning, into the revenue demonstration & operationsAccomplish & eventually spearhead a team to perform the necessary analysis to deliver all the required evidence to support the project's needsPlan, prepare & implement a cyber security testing strategy to confirm the resilience of the digital infrastructure to external & internal threatsActively plan, develop, deliver, & implement CyberClan risk management services, governance, risk & compliance frameworks, gap assessments, consulting & other services to support CyberClan's global delivery efforts.Develop & implement applicable security policies, procedures & practicesConduct risk & privacy assessments of information systems business processesCollaborate with clients to ensure that appropriate controls are installed & operating correctly, following the corporate policies. Conduct periodic audits where applicableConduct vulnerability scans & system hardening where applicableAct as an external and/or internal information security consultant to the business & technology units, advising on risks, threats & control practices related to Rapid Response.Establish security event & incident response playbooks for an effective technical responseAnalyze external sources of threat and vulnerability information to identify actions that need to be taken within the enterpriseCoordinate risk assessment & manage the remediation of findingsRun & analyze vulnerability & compliance scans to support continuous monitoring reporting & vulnerability managementProvide support during annual recertifications & assessments conducted by third partiesDocument actions in cases to effectively communicate information to internal and/or stakeholders as well as for historical retrievalRequired Skills, Experience, Degrees or Certification8+ years experience in IT and/or information security, risk management, or information security audit experience in an enterprise environment.B.S. in Computer Science, Engineering, or equivalent degreeStrong knowledge in security controls frameworks and the underlying technologies that enable them (endpoint security, firewalls, IDS/IPS, EDR/MDR software, behavioural analytics, anomaly detection, threat intelligence, vulnerability management).Experience with ISO 27001, GDRP, NIST, PCI, SOC, CMMC, Cyber Essentials and regulatory compliance program management.Experience in Secure Enterprise Secure Architecture.Experience in incident response and crisis management with the ability to identify tactical and strategic solutions using strong verbal and written communication skills.Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure and incident response situations.Understanding network, desktop and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).The ability to learn and apply new concepts quickly.Resolves problems independently and/or through a support team.Must be trustworthy in keeping sensitive data confidentialThese certifications are preferred but not required: Certified Information Security Professional (CISSP), Global Information Assurance Certifications (GIAC), Certified Information Security Auditor (CISA), ISO 27001 Lead-Auditor.Job TypeFull timeLocation 100% TelecommutingThe candidate must have legal authorization to work in Canada% of Travel Required 10-15%Physical RequirementsProlonged periods of sitting at a desk and working on a computer.CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status