Senior Compliance Analyst (Tech)
Careers Integrated Resources Inc
Mississauga, Ontario (Onsite)
Contractor
Who we are
At Client, we are passionate about transforming patients' lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.
Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions.
You are inspired to contribute to the overall Client vision by applying end-to-end product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through uncharted territory to lift this potential.
The opportunity
As a member of the Compliance Product Team, you are given this opportunity in a team with a strong focus on collaboration and teamwork to support the Digital Products domain with state of the art and innovative security and privacy concepts.
You will oversee or consult on technical architecture implementation activities, particularly for new and/or shared solutions. You coordinate compliance activities at a global/regional level.
You help others (like engineers, cross functional team members) interpret laws and regulations (like GDPR, HIPAA, HITRUST and other regulations) correctly and ensure consistent adherence.
In addition, you will:
Help with audit related work internally and externally - check controls compliance, collect evidence and coordinate audit work (like ISO 27001, 27017 and 27018)
Coordinate routine activities like Pen Testing, Disaster Recovery and tasks stemming from them, recording of results in tools like Jira, tracking any findings and remediation work,
Define and implement security and privacy risk management governance and insights,
Assist in drafting new or updated compliance policies and procedures, including specifying actual or potential implications to existing business operations and practices,
Help prepare and deliver communication and training materials/sessions to educate others on the evolving compliance landscape and potential new or updated policies and related changes,
Leverage your working knowledge of controls for cloud security, mobile application security, data privacy laws, AWS architecture and services,
Put in practice your project management skills and ability to manage multiple projects simultaneously to meet objectives and key deadlines
Conduct Risk assessments by analyzing the current risks and identifying potential risks that are affecting the business and product groups
Who you are
You have a University degree in computer science, engineering, law, business or other related fields, or equivalent experience. You bring experience working in a multicultural environment and proven cultural awareness. You are fluent in English on a business level with excellent verbal and written skills; other languages welcome, but not required. You have a minimum of 5+ years related work experience in Information Security, Privacy & Risk Management, Audit.
You bring solid experience in:
Conducting or being the subject of security and/or privacy audits
Working with cloud environments required
Expert planner with business process definition experience and a strong IT aptitude
System hardening, analysis and vulnerability management
Understanding of applicable and accepted audit and risk frameworks (such as COBIT, NIST, and ISO), standards (ISO 27000 family, HITRUST) and government guidelines and laws (HIPAA, GDPR)
Clinical workflow solutions or in a clinical environment a plus
Knowledge of AWS and Cloud Security preferred
Relevant certifications like CISA, CISM, CRISC, CISSP preferred
You bring the following competencies:
Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in a fast paced environment.
Best in class attitude; challenge the status quo constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset.
Strong organizational skills and ability to prioritize and manage multiple projects simultaneously if needed
Effective at engaging with teams in various functions and across different levels
Pro-active and confident individual who is committed to driving change.
Ability to communicate complex and highly technical information clearly and concisely.
Commitment to working as a team player across Business Areas and Divisions.
Excellent interpersonal skills with high cross-cultural sensitivity.
Healthcare software experience preferred
Compliance Tech
Strong knowledge of GRC tooling, preferably with hands-on GRC experience, and the ability to identify and automate Quality, Privacy, Risk and Compliance tasks across multiple internal and external stakeholders, integrated into our services, to help with upcoming FedRAMP, C5 or similar attestations and authorizations.
Understands Quality, Risk, Privacy and Compliance from a technical perspective and is able to articulate and communicate the same in written form, with fluency in English. Ability to understand what the stakeholders or consumers do and bring it to the surface. Knowledge to write clear Policy and Standard Operating Procedures.
Technical Skillsets
GRC Platform Expertise: Deep knowledge of platforms (e.g., ServiceNow GRC/IRM, RSA Archer) and experience with configuration, workflows, UI policies, scripting (e.g., JavaScript in ServiceNow), and data modeling.
a. Module Development: Ability to design and implement custom GRC modules (e.g., Risk Register, Policy Management, Compliance Management, Third-Party Risk) and integrate with other systems via APIs.
b. Process Automation: Automating GRC processes and familiarity with low-code/no-code configuration.
c. Data Management & Reporting: Strong skills in data modeling, reporting, and use of reporting tools (e.g., Power BI).
d. Security & Access Control: Understanding of role-based access, data segregation, and audit trails.
Domain and Functional Expertise
a. Risk Management Frameworks: Demonstrated familiarity with ISO 31000, COSO ERM, NIST RMF, FAIR, and related frameworks.
b. Compliance and Regulations: Robust knowledge of frameworks such as ISO 27001, SOC 2, PCI-DSS, HIPAA, GDPR, FedRAMP, among others. Proficient in mapping controls and requirements across various frameworks.
c. Policy and Control Management: Experience in the comprehensive lifecycle management of policies, procedures, and controls.
d. Audit and Issue Management: Sound understanding of internal and external audit processes, including issue tracking and remediation strategies.
e. Third-Party Risk Management: Practical experience with vendor onboarding workflows, risk tiering methodologies, and assessment processes.
Strategic and Cross-Functional Competencies
a. Stakeholder Engagement: Ability to collaborate effectively with Information Security, Legal, Privacy, Risk, Audit, and Business teams.
b. Process Design and Optimization: Expertise in designing scalable Governance, Risk, and Compliance (GRC) processes, and aligning tooling with enterprise risk strategies.
c. Project/Program Management: Proven track record in delivering GRC implementations utilizing Agile and Waterfall methodologies.
d. Change Management: Experience in driving user adoption, conducting training, and developing change communication strategies.
e. Business Analysis: Skill in translating business requirements into technical solutions and vice versa.
Expanded Support for Additional Teams and Client Requests:
a. Dedicated Support: Provide comprehensive and tailored support to additional teams for their unique and emerging requirements.
b. Expanded Product: Address an expanded Product of work, such as navigating the complexities of certifications in China and conducting thorough assessments for products that utilize platform services.
c. Privacy Information Management Systems Extension: Extend the reach of Privacy Information Management Systems to encompass products that employ navify Platform services, ensuring comprehensive data privacy and protection.
Implementation of New Certification Frameworks:
a. Facilitation and Guidance: Facilitate the seamless implementation of new and critical certification frameworks, specifically FedRAMP in the United States and C5 in Germany, for the navify Platform. This includes providing expert guidance, addressing compliance requirements, and ensuring successful certification.
Enhanced Technical Writing and Compliance Support:
a. Comprehensive Documentation: Offer comprehensive technical writing support to elevate overall maturity and clarity. Develop meticulous compliance documentation that elucidates practices and their applicability across the Platform and Product capabilities, encompassing a wide range of regulatory frameworks, including GDPR, HIPAA, HITRUST, ISO, Baselines, FedRAMP, C5, KRITIS, and others.
b. Policy and Control Adoption: Develop clear and actionable policy and control adoption plans for the products within Product, ensuring adherence to regulatory requirements and industry best practices.
c. Team Training and Enablement: Provide necessary team training to foster a culture of compliance and ensure that all team members understand and can implement the required policies and controls.
Must Have
(a) GRC tooling experience
(b) Audit background
(c) Information security related certification
Please note: this is a hybrid role - 2-3 days at the Mississauga Campus