IT Risk & Compliance Specialist
Toronto, Ontario - Permanent
Our client is a world-class group of creative, passionate software inventors, builders, and thought-leaders dedicated to the art and science of visual analytics. They are currently seeking a Risk & Compliance Specialist to join their team.
As a part of the team, you will be responsible for:
- Becoming an internal expert on applicable international privacy and compliance standards, with a significant emphasis on rapidly evolving government policies in the United States
- Reviewing, assessing, and assisting in the negotiation of compliance requirements, contracts, and related risk associated with new projects during the acquisition and planning stages
- Providing awareness, support, guidance and advice to project leads, IT/Operations and senior management regarding evolving compliance requirements and internal efforts to meet them
- Collaborating on the production and ongoing revision of staff training materials
- Collaborating on the planning and execution of regular training exercises for general staff and critical incident response teams
- Coordinating regular audits/gap analyses of company infrastructure (local and cloud), and relevant documentation, to ensure ongoing compliance with applicable standards
- Coordinating regular evaluations of data handling across projects, ensuring applicable privacy and compliance standards are met
- Playing an active role in corporate security procedures, compliance, and best practices

You will bring a strong attention to detail and act as a positive support and advocate for risk analysis and compliance as you work closely with others across our organization. You will play a role in mentoring others, building awareness of compliance requirements and associated risks, and contributing to ongoing efforts to improve our processes for handling these topics.
Must Have Skills:
- At least 7 years of Software Industry work experience, with a degree in Law or Business Management, Computer Science, Engineering, Information Systems, and/or Mathematics.
- At least 3 years of experience in the Compliance & Risk domain, with a demonstrated aptitude for internal compliance audits, gap analysis/assessment, prioritization, remediation and monitoring
- Specific experience with several of the following: NIST 800-171, CMMC, CGP, GDPR, CCPA, PIPEDA, CJIS, or demonstrated ability to efficiently and precisely process complex, technical, legal documents for the purposes of risk assessment and compliance
- Ability to review projects, written materials, etc. for compliance with applicable privacy and infosec standards
- Ability to communicate complex or detailed topics to team leads and senior management, clearly conveying risks, compliance gaps, action needed and cost implications
- Strong people and teamwork skills, able to collaborate across the company to integrate compliance requirements into other business processes
- Excellent written communication skills
- Knowledge of Software Development practices, concepts and methodologies, obtained through training and/or direct work experience
- Well-versed in compliance and risk issues affecting Software Development-focused organizations specifically