Security Governance, Risk and Compliance Specialist

Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. Our digital-first work environment, combined with our conveniently located offices and collaborative workspaces, provides our team with the freedom and flexibility to work in the most productive way for them.

About Us
Tecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. We work with industry leaders to transform their supply chains through technology. If you thrive on tackling interesting challenges with continuous learning opportunities, then Tecsys could be a good fit for you!

About The Role
We are seeking a Security Governance, Risk and Compliance Specialist who will be involved in defining how security can enable business initiatives, and how we should meet security best practices, as well as applicable various contractual and regulatory requirements. The successful candidate will be supporting the implementation of a security risk management framework. The GRC specialist's role will also encompass the management of vendor risk and business continuity programs. As a security subject matter expert, you will recommend improvements to reduce, contain and mitigate identified risks, as well as partake in various business and security initiatives to improve Tecsys's security maturity.

What You'll Do

• Support continuous security risk management framework
• Collaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficiencies
• Collaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering.
• Develop reporting metrics and dashboards
• Help identify cyber risks and solve various governance gaps and process inefficiencies
• Develop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMP
• Review and optimize vendor risk management program
• Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issues
• Collaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvements
• As security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practices
• Support the development, review, update and optimization of security documentation

• Bachelor's degree in information systems or equivalent experience
• Minimum 3 years of cumulated hands-on experience

• Experience in the development and implementation of governance, risk and compliance strategy and security control framework
• Experience in risk assessments and cyber risk management methodology/processes
• Broad knowledge of defense in depth security concepts and best practices through practical experience
• Good knowledge of cybersecurity frameworks such as NIST, CIS, PCI DSS
• Familiarity with business continuity process and planning
• Familiarity with IP networking fundamentals and internet protocols
• Familiarity with Linux, Mac, and Windows operating systems, mobile devices, and the IT application landscape
• Familiarity with public cloud Infrastructure-as-a-Service (IaaS) environments and Software-as-a-Service (SaaS) solutions.

• Ability to work with minimal supervision
• Strong ability to define problems, collect and analyze data, establish facts and draw valid conclusions.
• Positive attitude and agile mindset
• Motivated, team, and customer oriented
• Not afraid to fail
• Excellent interpersonal skills.
• Ability to plan and deliver on commitment
• Strong proficiency in both written and verbal English communication essential for effective correspondence with clients, suppliers, business partners, and colleagues beyond the province of Quebec.

We understand that experience comes in many forms and that careers are not always linear. If you don't meet every requirement in this posting, we still encourage you to apply.

At Tecsys, we are committed to fostering a diverse and inclusive workplace where all employees feel valued, respected, and empowered. We believe that diversity drives innovation and strengthens our ability to deliver exceptional solutions. We welcome and encourage applicants from all backgrounds, experiences, and perspectives to join our team.

Tecsys is an equal opportunity employer. Accommodation is available for applicants selected for an interview.

NB: if you are applying to this position, you must be a Canadian Citizen or a Permanent Resident of Canada, OR, have a valid Canadian work permit.

• Associate

• Full-time

• Information Technology
• Non-profit Organizations and Primary and Secondary Education