Security Governance, Risk and Compliance Specialist

December 9

Apply Now

Receive Emails with Similar Jobs

Tecsys Inc.

WebsiteLinkedInAll Job Openings

Warehouse Management • Distribution Management • Transportation Management • Supply Management • Financial Management

501 - 1000 employees

Founded 1983

☁️ SaaS

Description

• Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. • Tecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. • We are seeking a Security Governance, Risk and Compliance specialist who will be involved in defining how security can enable business initiatives, and how we should meet security best practices. • The successful candidate will be supporting the implementation of a security risk management framework. • The GRC specialist’s role will also encompass the management of vendor risk and business continuity programs. • As a security subject matter expert, you will recommend improvements to reduce, contain and mitigate identified risks, as well as partake in various business and security initiatives to improve Tecsys’s security maturity. • Support continuous security risk management framework. • Collaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficiencies. • Collaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering. • Develop reporting metrics and dashboards. • Help identify cyber risks and solve various governance gaps and process inefficiencies. • Develop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMP. • Review and optimize vendor risk management program. • Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issues. • Collaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvements. • As a security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practices. • Support the development, review, update and optimization of security documentation.

Requirements

• Bachelor’s degree in information systems or equivalent experience • Minimum 3 years of cumulated hands-on experience • Experience in the development and implementation of governance, risk and compliance strategy and security control framework. • Experience in risk assessments and cyber risk management methodology/processes. • Broad knowledge of defense in depth security concepts and best practices through practical experience. • Good knowledge of cybersecurity frameworks such as NIST, CIS, PCI DSS. • Familiarity with business continuity process and planning. • Familiarity with IP networking fundamentals and internet protocols. • Familiarity with Linux, Mac, and Windows operating systems, mobile devices, and the IT application landscape. • Familiarity with public cloud Infrastructure-as-a-Service (IaaS) environments and Software-as-a-Service (SaaS) solutions.