GRC Risk Consultant

VenorTalent

Ottawa

Hybrid

CAD 80,000 - 110,000

Full time

30+ days ago

Job summary

An established industry player is seeking a GRC Risk Consultant to join their growing team. This role offers a unique opportunity to work in a hybrid-remote-first environment while advising clients on best practices for risk management and compliance. You will leverage your expertise in frameworks such as ISO 27001, NIST, and SOC 2 to conduct risk audits and develop tailored risk management strategies. The company promotes a culture of belonging and values diverse perspectives, making it a great place for personal and professional growth. If you're passionate about information security and compliance, this position is perfect for you.

Benefits

Unlimited PTO
RRSP matching
Health and dental coverage
Hybrid Working Model
Personal and professional growth opportunities

Qualifications

  • 5+ years in risk management and compliance consulting.
  • Professional certifications like CISSP, CISM, or CRISC are desirable.

Responsibilities

  • Conduct risk assessments and gap analyses using various frameworks.
  • Develop and maintain information security management systems.

Skills

ISO 27001
NIST
SOC 2
Information Security
Risk Assessment
Compliance
Incident Response
Crisis Management
Analytical Skills
Communication Skills

Education

Bachelor’s degree in Information Security
Advanced degree in related field

Tools

Risk Assessment Tools

Job description

Venor is proud to partner with Prevalent in their search for a GRC Risk Consultant. Named a 2022 Gartner Peer Insights Customers’ Choice for IT Vendor Risk Management Tools, Prevalent’s Canadian engineering team is growing in response to record-breaking growth. The Prevalent Third-Party Risk Management (TPRM) platform is a unified SaaS solution that combines automated, standardized risk assessment with continuous risk monitoring, assessment workflow, and remediation management across the entire third-party lifecycle. Their software and services enable you to eliminate the security and compliance exposures that come from working with vendors, suppliers, and other third parties – from sourcing to offboarding.

With over 120 employees between the US, UK, and across Canada, the ideal candidate will work in a hybrid-remote-first work environment from Ottawa, Ontario.

Prevalent is seeking a highly skilled GRC Risk Consultant with extensive experience in ISO 27001, NIST, SOC 2, and other related risk frameworks. The ideal candidate will have a strong background in information security, risk assessment, and compliance, and will advise clients on best practices to mitigate risks and ensure compliance with relevant standards. As a Risk Consultant, you will conduct risk assessments and gap analyses using frameworks like ISO 27001, NIST, and SOC 2, while developing and maintaining information security management systems (ISMS) to meet ISO 27001 standards. You will also guide clients through the implementation of NIST frameworks (CSF, SP 800-53), SOC 2 Trust Service Criteria, SOC 1, HITRUST, and ESG standards.

Key responsibilities include:

  • Performing security and risk audits.
  • Creating reports for client third parties.
  • Developing content for surveys related to Information Security, ESG, and Financial and Business frameworks.
  • Developing customized risk management strategies.
  • Monitoring the effectiveness of security controls.
  • Staying up-to-date with industry trends.

While the role is 80% home-based remote work, there will be occasional requirements for onsite visits or office attendance in Ottawa, as well as collaboration with teams to integrate risk management into business operations.

What we are looking for:

  • Experience with additional frameworks such as GDPR, HIPAA, PCI-DSS, COBIT and DORA.
  • Familiarity with risk assessment tools and software.
  • Experience in incident response and crisis management.
  • Knowledge of cloud security and emerging technologies.
  • Experience in Vulnerability and Threat Management.
  • Experience in Business Monitoring.
  • Ability to utilize knowledge and experience to manage multiple projects and deadlines effectively.
  • Fluency in written and verbal English.
  • Enthusiastic and positive attitude.
  • Strong interpersonal skills required to build relationships.
  • Strong communication and presentation skills.

Minimum qualifications:

  • Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degree preferred.
  • Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
  • Minimum of 5 years of experience in risk management, information security, or compliance consulting.
  • In-depth knowledge of ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, and other relevant frameworks and standards.
  • Proven experience in developing and implementing ISMS and cybersecurity frameworks.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication and presentation skills, with the ability to explain complex concepts to non-technical stakeholders.
  • Ability to manage multiple projects and meet deadlines in a fast-paced environment.
  • High level of integrity, professionalism, and attention to detail.

What’s in it for you:

  • Hybrid Working Model with 80% home-based work.
  • Unlimited PTO.
  • RRSP matching.
  • Health and dental coverage.
  • A talented team of peers and leaders to collaborate with and learn from.
  • Personal and professional growth opportunities.

At Venor, we embrace a culture of belonging in the workplace. No matter who you are, where you’re from, how you think, what you believe in, or who you love, we welcome your application. We all come from different backgrounds and different walks of life, bringing in unique perspectives and experiences. We encourage applications from 2SLGBTQ+, Black, Indigenous, and People of Colour (BIPOC), women, newcomers to Canada, and people with disabilities. If you require any accommodation in the application and interview process, please let us know (including different materials or otherwise).

For more information on this exciting opportunity, please reach out to Craig Coady at craig@venor.ca or Anna Bryant via anna@venor.ca.

Venor is an Atlantic Canadian recruiting firm specializing in recruitment solutions, executive search, career transition & outplacement services.
