Full-Time Senior Risk and Compliance Specialist

Internal Job Title: Senior Risk and Compliance Specialist
Job Type: Permanent, Full-Time
Job Location: United States
Work Model: Remote (within Continental United States)

Position SummaryAs a Senior Risk and Compliance Specialist at CBN, you will be responsible for leading compliance initiatives, conducting risk assessment and remediation activities, and developing security strategies for CBN systems deployed in Canada, the United States and Europe.

1. Compliance Initiatives
   • Lead current ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe.
   • Examine existing initiatives and engage business stakeholders and customers to establish a strategy for handling compliance-at-scale for both compliance-focused and cost-sensitive markets.
2. Security Strategy
   • Spearhead initiatives to identify, investigate, and improve security risks within CBN Operations Global Infrastructure.
   • Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada/US and global security requirements.
   • Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale.
3. Risk Assessment and Remediation
   • Conduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions, and develop plans for remediation.
   • Understand the risk/compliance gaps in our global systems, articulate a vision, and work across teams to get us there.
4. Stakeholder Engagement
   • Take an active role in educating customers, executives, stakeholders, infrastructure personnel, and developers on best practices for security.
   • Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled, and the associated notification process.
5. Various other Duties and Responsibilities.

Knowledge and Experience

• EducationBachelor’s degree in Computer Science, Information Technology or related field or an equivalent combination of relevant education and additional work experience
• Certification(s)One (or more) of NIST800-53, ISO27001, SOC2 (Type I and II), FedRamp, StateRampSANA, ISACA or GIAC is an asset
• KnowledgeCompliance standards, frameworks and tools
  Threat and risk management principles and methodologies
  Risk assessment practices and methodologies
• Experience8+ years of direct experience in a compliance, auditing and/or risk position
  3+ years of experience developing/delivering compliance assessments
  Experience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR)
  Experience using Unified Compliance Frameworks and GRC tools
  Experience with Azure/AWS compliance is an asset

Technical SkillsProficiency with MS 365 Copilot
Presentation skills

Soft Skills and CompetenciesCritical thinking skills
Analysis, problem solving
Interpersonal skills
Communication, relationship building, teamwork and collaboration
Organization/time management/prioritization skills
Adaptable
Growth mindset

Mandatory Requirements

• Language(s): Fluency in English (reading, writing, speaking)
• Travel: Ability to travel domestically/internationally (passport required) approx. 1-2 weeks/year
• Work Authorization: Must be legally eligible to work in the United States

What is the last date for applying to the job?

Which countries are accepted for this remote job?