Position Overview: We are seeking a skilled and detail-oriented Advisor to support and enhance the Governance, Risk, and Compliance (GRC) framework within our Technology and Information Security (TIS) function. This role will focus on managing risk and assurance engagements, tracking the progress of action plans, reporting on audit compliance, and supporting ongoing risk assurance activities. The Advisor will act as a liaison between various teams to ensure consistent and effective GRC practices across the organization.
Key Responsibilities:
Governance:
- Configure, maintain, and enhance GRC capabilities within the GRC application.
- Collect and analyze data related to the Cybersecurity Governance Program, including control frameworks and exception reporting.
- Conduct gap analyses of cybersecurity controls, offering actionable recommendations for improvement.
- Serve as a subject matter expert in developing and reviewing cybersecurity policies and standards.
- Update and track policies and standards to maintain alignment with external regulatory or security requirements.
- Lead the creation of new cybersecurity controls and metrics in response to emerging threats and regulatory needs.
Risk Management:
- Ensure compliance with the Enterprise Risk Management (ERM) process by identifying, ranking, and tracking technology and cybersecurity risks to closure.
- Collaborate with the Security Advisory team to ensure thorough evaluation and review of risks before processing exceptions.
- Report on GRC metrics to leadership, ensuring awareness of cybersecurity risks and obligations.
- Regularly monitor risk management activities to ensure timely and effective closure of open items with minimal overdue actions.
- Work with vendor SMEs to track and manage application-related threats and risks.
Compliance Management:
- Assist with managing and overseeing key compliance areas such as internal audits, SOX (Sarbanes-Oxley), and policy compliance.
- Contribute to establishing standard approaches for monitoring compliance and addressing control gaps.
- Serve as the key point of contact for technology-related audits and compliance activities.
- Ensure that audit remediation and management action plans are tracked and closed within established timelines.
Relationship Management:
- Act as the primary liaison between TIS control owners, subject matter experts, and other business units to drive compliance and add value.
- Coordinate cybersecurity assurance activities and facilitate risk management discussions across the organization.
- Ensure clear communication with leadership and teams regarding risk remediation efforts.
Continuous Improvement:
- Provide insights and recommendations to improve existing processes related to policies, standards, cybersecurity controls, and metrics.
- Foster the adoption of best practices to enhance the GRC framework.
Scope and Dimensions:
- Contribute to team objectives and success metrics aligned with organizational goals and strategy.
- Engage with cybersecurity experts and business units to ensure effective delivery of GRC services.
- Work closely with TIS GRC teams to ensure consistent governance, risk, and compliance activities.
- Be recognized as the subject matter expert in governance and risk management within TIS.
Knowledge, Skills & Abilities:
Required:
- Education: University degree in Computer Science, Engineering, Business, or a related field.
- Experience: Minimum of 5 years in information security, IT governance, compliance, cybersecurity, audit/assurance, or risk management.
- Technical Knowledge: Strong understanding of cybersecurity and risk management best practices.
- Analytical Skills: Ability to collect, analyze, and present complex data clearly and concisely.
- Communication Skills: Excellent written and verbal communication, including technical writing and presentations.
- Project Management: Ability to manage multiple projects with competing priorities while maintaining high attention to detail.
- Confidentiality: Ability to manage sensitive information with integrity and professionalism.
Preferred:
- Knowledge of cybersecurity standards and frameworks (e.g., NIST, ISO 27001/27002, NERC, SOX).
- Professional certifications such as CISSP, CRISC, or CISA are a plus.
Working Conditions:
- Primarily office-based, with occasional travel (approximately once every 6 months).
- High workload and tight deadlines requiring attention to detail and accuracy.
- Fast-paced environment with dynamic priorities.
Core Competencies:
- Accountability: Takes ownership and responsibility for actions and outcomes.
- Collaboration: Works effectively with others to achieve shared goals.
- Integrity: Demonstrates ethical behavior and transparency in all actions.
- Problem Solving: Uses critical thinking and innovative solutions to address challenges.
- Communication: Communicates clearly and effectively with diverse audiences.
Job Type: Full-time
Pay: $47.00-$51.00 per hour
Schedule:
- 8-hour shift
- Monday to Friday
Work Location: Hybrid remote in Calgary, AB