Cloud Services GRC Specialist

Thales, Ottawa, ON
Hybrid

About The Position

Thales people architect identity management and data protection solutions at the heart of digital security. Businesses and governments rely on us to bring trust to the billions of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

We have a current vacancy for a mid-level GRC Specialist to support and strengthen our Cloud Services governance, risk, and compliance program. This role will focus on audit coordination, control management, and risk assessment, with increasing ownership of key processes. You will work closely with cross-functional teams to maintain audit readiness, support certifications, and ensure compliance with internal and external requirements. This role is suited for a mid-level professional looking to deepen their expertise in audit, compliance, and risk management, while taking on greater ownership and contributing to a mature and scalable GRC program.

Requirements

  • 3-5 years of experience in IT compliance, GRC, or information security, preferably in cloud or SaaS environments.
  • Hands-on experience supporting or coordinating audits (internal and/or external).
  • Working knowledge of information security frameworks such as ISO 27001, ISO 27017/18, SOC 2, PCI-DSS, FedRAMP, CSA, and data privacy regulations (e.g., GDPR, CCPA).
  • Intermediate experience in risk management, including risk assessments and remediation tracking.
  • Familiarity with cloud environments and security fundamentals (e.g., AWS, Azure, GCP).
  • Strong stakeholder management skills and ability to work cross-functionally.
  • Good analytical, documentation, and organizational skills.
  • Ability to manage multiple tasks and priorities with moderate supervision.
  • Strong written and verbal communication skills.
  • Detail-oriented and well-organized.
  • Proactive and willing to take ownership of assigned areas.
  • Collaborative team player with a practical mindset.
  • Eager to learn and grow within the GRC domain.

Nice To Haves

  • Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust, or similar).
  • Experience managing complex projects.
  • Relevant industry certifications (e.g., CISA, CISM, CRISC, CISSP, CEH).

Responsibilities

  • Serve as a primary point of contact for internal and external auditors, supporting audit coordination, evidence collection, and follow-ups.
  • Maintain and manage a centralized audit repository, ensuring evidence is accurate, complete, and mapped to relevant control frameworks.
  • Coordinate and support internal audits, including performing control testing where appropriate.
  • Support external audits and certifications (e.g., ISO 27001, ISO 27017/18, SOC 2, PCI-DSS, FedRAMP).
  • Track audit findings and support remediation efforts with stakeholders.
  • Maintain and update control frameworks, including mapping controls across multiple standards and requirements.
  • Support the maintenance of ISMS documentation, including policies, standards, and procedures aligned with ISO 27001.
  • Identify gaps and recommend improvements to controls, policies, and procedures to enhance compliance posture.
  • Contribute to the development of compliance metrics, KPIs, and KRIs, and support reporting to management.
  • Support risk identification, assessment, and tracking activities, including maintaining the risk register.
  • Assist with risk assessments for systems, processes, and new initiatives.
  • Participate in third-party/vendor risk management activities, including due diligence and periodic reviews.
  • Support the maintenance of key operational processes, including Change Management, Business Continuity (BCP), and Disaster Recovery (DR).
  • Review asset management processes to ensure controls are in place and operating effectively.
  • Collaborate with engineering, operations, and product teams to ensure compliance requirements are implemented.
  • Support responses to RFPs, security questionnaires, and customer due diligence requests.
  • Participate in customer discussions to address compliance and security-related questions.
  • Assist in analyzing regulatory and privacy requirements across multiple jurisdictions (e.g., GDPR, CCPA).

Benefits

  • Company paid Extended Health, Dental, HSA, Life, AD&D, Short-term Disability, Cancer Care Program, travel insurance, Employee Assistance Plan and Well-Being program.
  • Retirement Savings Plans (RRSP, DCPP, TFSA) with a company contribution and a match to a DCPP, with no vesting period.
  • Company paid holidays, vacation days, and paid sick leave.
  • Voluntary Life, AD&D, Critical Illness, Long-Term Disability.
  • Employee Discounts on home, auto, and gym membership.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
