Full-Time Senior Risk & Compliance Specialist
Canadian Bank Note Company is hiring a remote Full-Time Senior Risk & Compliance Specialist. The career level for this job opening is Senior Manager and is accepting Ottawa, Canada based applicants remotely. Read complete job description before applying.
Canadian Bank Note Company
Job Title
Posted
Career Level
Career Level
Locations Accepted
Share
Job Details
Internal Job Title: Senior Risk and Compliance Specialist
Job Type: Permanent, Full-Time
Job Location: Canada
Work Model: Remote
Position SummaryAs a Senior Risk and Compliance Specialist at CBN, you will be responsible for leading compliance initiatives, conducting risk assessment and remediation activities, and developing security strategies for CBN systems deployed in Canada, the United States and Europe.
Responsibilities
- Compliance InitiativesLead current ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe.Examine existing initiatives and engage business stakeholders and customers to establish a strategy for handling compliance-at-scale for both compliance-focused and cost-sensitive markets.
- Security StrategySpearhead initiatives to identify, investigate, and improve security risks within CBN Operations Global Infrastructure.Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada/US and global security requirements.Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale.
- Risk Assessment and RemediationConduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions, and develop plans for remediation.Understand the risk/compliance gaps in our global systems, articulate a vision, and work across teams to get us there.
- Stakeholder EngagementTake an active role in educating customers, executives, stakeholders, infrastructure personnel, and developers on best practices for security.Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled, and the associated notification process.
Knowledge and Experience
EducationBachelor’s degree in Computer Science, Information Technology or related field or an equivalent combination of relevant education and additional work experience
Certification(s)One (or more) of NIST800-53, ISO27001, SOC2 (Type I and II), FedRamp, StateRamp, SANA, ISACA or GIAC is an asset
KnowledgeCompliance standards, frameworks and toolsThreat and risk management principles and methodologiesRisk assessment practices and methodologies
Experience8+ years of direct experience in a compliance, auditing and/or risk position3+ years of experience developing/delivering compliance assessmentsExperience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR)Experience using Unified Compliance Frameworks and GRC toolsExperience with Azure/AWS compliance is an asset
Technical SkillsProficiency with MS 365 CopilotPresentation skills
Soft Skills and CompetenciesCritical thinking skillsAnalysis, problem solvingInterpersonal skillsCommunication, relationship building, teamwork and collaborationOrganization/time management/prioritization skillsAdaptableGrowth mindset
Mandatory Requirements
- Language(s): Fluency in English (reading, writing, speaking)
- Travel: Ability to travel domestically and/or internationally (passport required) approx. 1-2 weeks/year