GRC / TPRM Specialist in Information Security-79876
emergiTEL Inc.
Brossard
On-site
CAD 80,000 - 110,000
Full time
30+ days ago
Job summary
A leading consulting firm is seeking a consultant for their Technology Third Party Risk Management program. The role involves conducting risk assessments, analyzing vendor compliance with cybersecurity standards, and collaborating across teams to ensure alignment with internal policies. Candidates should have over 5 years of experience in technology risk management and strong analytical skills.
Qualifications
- 5+ years experience in GRC and Technology TPRM.
- Good understanding of SOx IT General Controls.
- Strong analytical, communication, and documentation skills.
Responsibilities
- Perform risk assessments of third-party vendors.
- Analyze vendor responses to cybersecurity questionnaires.
- Conduct technology risk analysis and track mitigation plans.
Skills
Cybersecurity knowledge
Risk assessment
SOx IT General Controls
Analytical skills
Documentation skills
Communication skills
- 5+ years proven experience in GRC
- Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks (e.g. OneTrust, Sentinel, SecurityScorecard, etc.)
- Good understanding of SOx IT General Controls (ITGCs) and compliance expectations related to external service providers.
- Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
- Practical experience with technology-related due diligence processes.
Language: Bilingual or English
Job description:
We are seeking to engage a consultant to support our Technology Third Party Risk Management (TPRM) program. The selected professional will work closely with the Information Security Governance, Risk & Compliance (GRC) team and other stakeholders to assess and monitor technology-related risks associated with external vendors.
Scope of Work:
- Support the Technology TPRM process by performing risk assessments of third-party vendors providing technology products or services.
- Review and analyze vendor responses to cybersecurity and risk questionnaires, including relevant supporting documentation.
- Identify and report control gaps, with a particular focus on risks that could impact SOx (Sarbanes-Oxley) compliance.
- Conduct technology risk analysis, map mitigation action plans, and track the closure of identified risks.
- Assess and report on residual risk levels, ensuring clear documentation and escalation of high-risk findings.
- Assist in conducting technology due diligence for new and existing vendors.
- Collaborate with internal teams (Procurement, Legal, Privacy, Architecture) to ensure vendor engagements align with internal policies, standards, and regulatory requirements.
Required Qualifications:
- Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks.
- Solid understanding of SOx IT General Controls (ITGCs) and compliance expectations related to external service providers.
- Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
- Practical experience with technology-related due diligence processes.
- Strong analytical, communication, and documentation skills.
- Ability to work independently and manage multiple priorities in a dynamic environment.