Opportunity Details
LeverageTek is actively seeking a Governance Risk and Compliance Specialist (GRC) – Technology and Enterprise Risk for a permanent position with its Ottawa-based customer.

Work Location
Hybrid preferred (1x/week onsite) or Remote (ON/QC)

Key Tasks
- Deliver new security program capabilities by leading IT security, GRC, and cloud technology projects; scope of projects may include IT selection and procurement, development of detailed project, resource, and communications plans, coordination with both IT and organizational change management, and providing task direction to other senior project team members
- Deliver daily operations for IT security risk and compliance management programs and associated governance frameworks, including but not limited to:
  - Complete IT security risk assessments and associated reporting
  - Perform GRC monitoring, reporting, and policy enforcement by making maximum effective use of automation available from Azure, Microsoft 365, and associated tools
  - Perform supply chain security assessments across IT products, SaaS and hosted services, and other 3rd party support services partners to ensure security controls are appropriate for business needs and the sensitivity of data involved
  - Develop and maintain reporting of key measures and metrics for IT security risk, prepare monthly, quarterly, and annual risk reporting artifacts, and support presentation of relevant material to management and executive stakeholders
  - Develop, implement, and maintain effective monitoring of external and internal cybersecurity threat context and impacts to risk posture
  - Conduct assessments of security posture, control implementation maturity, and conformance to security policies, standards, and guidelines – including coordination of 3rd party assessments and security penetration testing
  - Prepare reports, policies, standards, and other documentation of a high standard regarding cyber security guidance and/or requirements
  - Provide business impact context assessment and guidance related to IT resiliency for service continuity and disaster recovery
  - Participate in security incident responses as a member of the incident response team and support post-event root cause and risk analysis, providing recommendations towards continuous improvement and risk reduction
  - Develop security policies and operational procedures, including for cybersecurity incident response processes and playbooks, security configuration management, security in system development lifecycle, etc.
- Provide IT security, risk, and compliance advisory support:
  - Within Technology Solutions to ensure security needs are addressed for all IT domains and to support the integration and continuous improvement of IT security risk and compliance management into IT architecture, engineering, software, system integration, and system development lifecycle processes
  - To the enterprise, including for domains of vendor and supply-chain security, project threat risk assessments, and operational risk inputs to enterprise risk management
- Provide high quality and customer-focused support to both IT and user/stakeholder clients by responding to requests and assignments in a timely, respectful, constructive, and responsive manner
- Perform other related duties as needed

Key Qualifications
- Recent experience in a Governance Risk and Compliance role supporting Enterprise Risk with a focus on Technology and IT Security
- Experience with Microsoft Purview supporting Enterprise-wide initiatives related to data protection (data loss and data leakage)
- Experience in a GRC capacity leading the Technology and IT Security risk function while also working very closely with other business stakeholders such as HR, Legal, Finance, Procurement, Vendor Management, Supply Chain etc.

Qualifications
- University degree in the field of Computer Science, Information Technology, or in a related discipline
- 2+ years of experience in security program implementation
- Delivering security and technology projects involving the implementation and deployment of new capabilities, transition of services to production operations, and successful adoption by users
- Developing effective IT security policy, standard, and guideline documentation
- Developing governance frameworks and associated documentation for IT security risk management or compliance programs
- Preparing risk, compliance, and/or security program reporting for senior management and/or Board stakeholders
- Selecting, implementing, and ensuring conformance with IT Security industry best practices and relevant standards and regulations (e.g., NIST Cybersecurity Framework, ISO/IEC 27001/2, COBIT, SOC 2, Information Security Forum, PCI-DSS, Cloud Security Alliance, SANS, CIS Benchmarks, etc.)
- Assessing current state compliance against selected IT security and control frameworks, standards, or audit charter objectives
- Conducting security maturity and gap assessments against a desired target control posture state
- Conducting IT security threat and risk assessments (TRA) and preparing formal TRA reporting documentation
- Selecting, applying, and assessing security control implementation for:
  - Azure infrastructure services including virtual machines, network security groups, and network zoning
  - Azure native services, such as backup, encryption, and monitoring
  - Microsoft 365 services
  - On premise network infrastructures, including boundary protections, monitoring, and network zoning
  - Portable and mobile computing devices, including Windows and Mac laptops, and mobile iOS platforms
- Implementing, monitoring, and reporting from Azure and M365 portals and tools, such as Security Center, for supporting compliance, vulnerability management, and security score posture optimization
- Ability to lead complex IT and security implementation projects involving organization-wide rollout and that rely on successful adoption by key stakeholders and/or large user audiences
- Ability to deliver daily operational tasks that must be prioritized effectively around competing project and incident response demands
- Ability to successfully deliver a broad program of responsibilities and projects according to a multi-year implementation roadmap
- Expertise with Azure and Microsoft 365 security and compliance capabilities for control implementation and current state reporting of posture and compliance
- Ability to use critical thinking and problem-solving skills to find out root causes of problems or opportunities
- General knowledge of networking and IT security concepts and technologies
- Results oriented with excellent time and project management skills
- Strong ability to handle multiple concurrent and time-sensitive priorities, able to own and guide projects from beginning to end
- Demonstrated leadership skills with an ability to influence and positively inspire others to act
- Strategic thinking; creative, innovative, and collaborative out of the box thinker
- Leading and managing change

Assets
- Prior experience with Microsoft Purview, Microsoft Information Protection, or Azure Information Protection
- Developing future state security capability profiles and IT security strategy towards achieving desired future state
- Developing Disaster Recovery and IT resiliency preparedness, including conducting business impact assessments, developing business and/or service continuity plans, and developing or exercising disaster recovery plans
- Security operations and event investigations, security incident response, network or web application penetration testing, or digital forensics
- Applying IT security and compliance concepts to Google Cloud Platform (GCP) environments
- Integrating IT security, compliance, and operations capabilities across multiple public cloud tenants

About LeverageTek IT Solutions
Thank you for taking the time to apply!
Since our company’s inception in March 2003, LeverageTek IT Solutions has worked resolutely to become one of the industry’s most recognized and trusted suppliers of technology staffing and business consulting services. With hundreds of successful engagements to our credit with many of Canada’s leading public and private sector organizations, we are the experts in identifying, deploying, and supporting IT and business talent on a contract, contract-to-hire, and permanent basis. We work with customers across all sectors including academia, aerospace, aviation, finance, government, health care, high tech, military, not-for-profit, and more. Our responsive service and ability to deliver the right fit, on time and within budget, typically leads to repeat engagements and a long-standing relationship. Accessibility accommodations are available upon request.