(Remote) Compliance & Governance Specialist

About The Position

Requirements

• 5+ years in information security compliance, risk management, or audit, with hands-on SOC 2 Type II experience as the primary requirement.
• Deep working knowledge of SOC 2 Trust Services Criteria and practical audit mechanics.
• Experience operationalizing ISO 2700, maintaining an ISMS, managing CAPAs, and sustaining certification.
• Ability to assess control design and operating effectiveness, identify gaps, and drive remediation without authority over the teams implementing fixes.
• Strong written communication.
• Comfort working in a cloud-native environment (Azure) and understanding how infrastructure decisions affect control coverage.

Nice To Haves

• Experience with ISO 42001 or AI/ML governance frameworks, model risk management, responsible AI policy, or AI impact assessments.
• Background in regulated industries: utilities, municipalities, government.
• Familiarity with evidence collection automation.
• CISSP, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, or equivalent certification.

Responsibilities

• Own and manage the organization's security compliance programs, including SOC 2 Type II, ISO 27001, ISO 42001, and other relevant frameworks.
• Own audit readiness end-to-end: gap assessments, control mapping, auditor coordination, walkthroughs, and remediation follow-up.
• Turn framework requirements into clear, actionable, and lightweight controls that teams can operate without slowing delivery.
• Drive evidence collection automation in partnership with Engineering; the goal is evidence-by-default.
• Maintain scope, context, governance artifacts, and Statement of Applicability.
• Run internal audits, manage CAPAs, and sustain certification readiness.
• Evaluate control design and operating effectiveness; identify gaps and drive actionable remediation.
• Maintain the AIMS: AI use-case inventory, impact assessments, and human oversight controls.
• Collaborate with AI-Ops on model documentation (model cards), bias/fairness testing, explainability, drift monitoring, and adversarial robustness controls.
• Produce compliance dashboards and KPI reporting for leadership and customers.
• Evaluate control design and operating effectiveness against internal policies/standards and external frameworks; identify control gaps and actionable recommendations.
• Operationalize and sustain the ISMS (ISO/IEC 27001) and AIMS (ISO/IEC 42001), including scope, context, governance, and required.
• Lead third-party/vendor risk management: due diligence, review of security documentation, contract/control requirements, and tracking vendor remediation and data-protection alignment.
• Evaluate residual risk and support risk acceptance decisions with documented rationale.
• Collaborate with the AI-Ops team in building and maintaining AI-Governance.
• Manage the responsible AI policy lifecycle alongside the AI Ops team.
• Collaborate with the AI-Ops team in implementing AI risk/model governance controls aligned to ISO/IEC.
• Work with "Engineering" in automating the collection of evidence and control testing, internal audits, managing CAPAs, and maintaining continuous audit readiness.
• Partner with Engineering, Product, and Legal to bake in controls into the SDLC.
• Translate framework requirements into plain-language controls that engineers can operate without slowing delivery.
• Collaborate with the "Security" team in identifying, evaluating and acting on vulnerabilities reported by our monitoring systems and/or external channels.
• Work closely with the "Security" team in the coordination and execution of the different frameworks.
• Produce compliance reporting and dashboards.
• Define and track security & compliance KPIs, lead management reviews to ensure a healthy compliance posture to stakeholders.
• Drive continuous improvement of risk and control maturity based on trends, audit results, and business impact.

Benefits

• 3 weeks’ vacation and 5 personal days
• Comprehensive Medical, Dental, and Vision benefits starting from your first day of employment
• Employee stock ownership and RRSP/401k matching programs
• Lifestyle rewards
• Remote work