GRC Specialist

Miovision
Canada
$80K-$120K a year (estimated)
Remote
Full-time

Position Summary

The GRC Specialist is a key member of the Miovision Security team and is responsible for managing innovative governance, risk and compliance (GRC) practices to identify and mitigate security risks.

This role is critical to helping the company defend our critical information and systems, understand the company’s information security environment, and take the appropriate measures to protect our business and platforms.

This hands-on position will work closely with all teams across the company to ensure our GRC practices are defined, operated and maintained using leading security practices.

Ultimately, this role will help make Miovision systems and data more secure.

Key Accountabilities

  • Lead the implementation and continual improvement of the Miovision GRC program, and be the subject matter expert on compliance and risk management practices.
  • Achieve and maintain compliance with frameworks relevant to Miovision operations and customers, such as ISO 27001, SOC 2, NIST CSF, and NIST SP 800-53.
  • Lead internal adoption of security policies, procedures, standards and best practices to ensure secure business operations, including vendor assessments, threat and risk analyses, and internal audits.
  • Lead internal security audits and coordinate with external security auditors to review Miovision IT and security processes, risks, controls, and compliance against selected frameworks to assess capability maturity and identify gaps in design and execution.
  • Actively participate in and support the Miovision data governance program.
  • Proactively communicate updates, metrics, issues and recommendations to stakeholders and senior management.
  • Assist with establishing a coordinated response to complex cyber-attacks that threaten the company’s information and assets.
  • Actively participate in security operations, including software updates, patching, and incident response, and be a security subject matter expert to assist others across the organization, as needed.

Skills / Qualifications

  • Working knowledge of and experience with industry compliance and risk management frameworks, including ISO/IEC 27001, SOC 2, NIST CSF, and NIST SP 800-53.
  • Hands-on experience in managing an effective GRC program or related compliance projects, including championing the activities, performing assessments and internal audits, and writing clear documentation (policies, procedures, reports, etc.).
  • Demonstrated analytical and pragmatic approach to cybersecurity, compliance and risk.
  • Proven ability to collaborate and effect change, with a focus on performance excellence and continuous improvement.
  • Excellent written and verbal communication skills, including the ability to communicate effectively across an organization.
  • 2+ years of experience in compliance or risk management roles.
  • 3+ years of experience in cybersecurity roles.

Additional Assets

  • Passion for security and learning.
  • Certified Information Systems Security Professional (CISSP); Certified in Governance, Risk and Compliance (CGRC); Certified in Risk & Information Systems Control (CRISC) or similar certification.

Perks and Benefits

Note: We do offer flexible onsite and remote work options. Our benefits are designed to reflect this and include:

  • Comprehensive health benefits starting on day one
  • RRSP Matching Plan
  • Variable Incentive Plan
  • We extend all three-day weekends to four days and provide a Holiday Shutdown in December
  • Virtual Healthcare Service providing employees and their families access to healthcare providers 24/7
  • Internet subsidy and a remote work allowance
  • Enhanced paternity and maternity leaves
  • Unlimited vacation policy
  • Wellness offerings (Fitness, Mindfulness)

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Please indicate if you require accommodation on your application, and our team will work with you to meet your accessibility needs.

To all recruitment agencies: Miovision does not accept agency solicitation or resumes. Please do not forward resumes to our HR alias e-mail address, to any Miovision employee, or to other Miovision e-mail addresses.

Miovision will not pay any fees related to unsolicited resumes.

19 days ago