Senior Compliance and Risk Specialist

Bachelor’s degree in Computer Science, Information Technology or related field or equivalent combination of education and experience. One or more certifications: NIST800-53, ISO27001, SOC2, FedRamp, StateRamp. Knowledge of compliance standards, frameworks, tools, threat and risk management, and risk assessment methodologies. 8+ years of direct experience in a compliance, auditing and/or risk position. 3+ years of experience developing/delivering compliance assessments. Experience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR). Experience using Unified Compliance Frameworks and GRC tools. Experience with Azure/AWS compliance is an asset. Proficiency with MS 365 Copilot. Presentation skills. Critical thinking, analysis, problem solving, interpersonal skills. Communication, relationship building, teamwork and collaboration skills. Organization/time management/prioritization skills. Adaptability and growth mindset.

Lead ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe. Examine existing initiatives and develop strategies for compliance-at-scale. Spearhead initiatives to identify and improve security risks within global infrastructure. Design and deliver security strategies, produce architectural models, and present reports. Research and deliver tooling and strategies for AppSec program automation. Conduct risk assessments within customer systems and develop remediation plans. Articulate vision for global systems risk/compliance gaps and work across teams. Educate customers, executives, stakeholders, and developers on security best practices. Build relationships with stakeholders to understand assessment needs and advise on processes.