Cyber Security Strategy & Operations Lead

Employer: Finastra
Domain: IT Software
Job type: full-time
Job level: 1 - 5 years of experience
Location: BUCHAREST
Updated at: 23.10.2024
Remote work: On-site
       

    You can apply to this ad only with your hipo.ro account, without creating a CV.

    Completing the web form for a new account on hipo.ro takes 2 minutes or you can go even faster by importing your data from Facebook or Linkedin.
    Short company description

    We’re an energized bunch, who love to be at the forefront of innovation. We make it our mission to develop and stay ahead of the latest trends and technology. Our goal? To put customers at the core of what we do and to deliver solutions that drive transformation and unlock the potential of people and businesses.

    Requirements

    Required Experience:

    Minimum of 3 years of experience in information security governance, risk, and compliance.

    Experience in security control library management, process writing, control statement writing, compliance documentation recertification, and driving updates.

    Solid project management skills.

    Excellent verbal and written English communication skills, with the ability to effectively interact with technical, business, and other stakeholders at all levels of the organization.

    Superior analytical and problem-solving abilities, enabling assessment of complex security issues, prioritization of tasks, and development of practical solutions.

    Adaptability in tailoring conversations and presentations for different audiences, spanning technical, non-technical, and executive leadership.

    Demonstrated commitment to continuous learning and professional development in the field of cybersecurity.

    Certification in information security or GRC is a plus (CISM, CISA, CISSP, CGRC, etc.)

    Flexibility for consistent availability for Eastern (UTC-5) and Pacific (UTC-8) time zones.


    Education/Certifications Desired:


    Bachelor's degree from an accredited college or university, or equivalent experience.

    Knowledge and experience in understanding implementation guidelines from security control frameworks, such as NIST CSF, NIST 800-53, PCI DSS, CIS, COBIT 5, CSA/CSM, ISO 27001.

    Responsibilities

    Collecting and Validating Control Evidence:

    Facilitate the collection and validation of evidence related to cybersecurity controls for scheduled audits and assessments.

    Collaborate with internal teams to ensure accurate and comprehensive evidence submission.




    Assessment Support:

    Participate in assessment kickoffs and provide recurring status updates to relevant stakeholders.

    Respond promptly to internal auditor and assessor requests, addressing any queries or information needs.


    Security Control Library Management:

    Maintain the security control library, ensuring it reflects the latest standards and best practices.

    Regularly update control documentation based on compliance documents, industry frameworks, and regulatory requirements.



    Vendor Assessment & Evaluation:

    Conduct thorough assessments of third-party vendors' cybersecurity practices, including their security policies, procedures, and controls.

    Evaluate vendors' compliance with industry standards (e.g., ISO, NIST, SOC 2) and regulatory requirements.

    Review vendor security documentation, including audit reports, penetration test results, and security certifications.



    Risk Identification and Mitigation:

    Identify potential cybersecurity risks associated with third-party vendors and recommend appropriate mitigation strategies.

    Collaborate with internal stakeholders to develop risk mitigation plans and monitor their implementation.

    Maintain a risk register and track the status of identified risks and mitigation efforts.



    Process Documentation:

    Work closely with cybersecurity leaders to document and improve processes and procedures.

    Capture essential details related to security controls and their implementation.




    Performance Tracking and Reporting:

    Track and report on the performance of audit and assessment support capabilities.

    Identify areas for improvement and recommend remediation actions as needed.


    Control Verbiage Certification:

    Certify and update control verbiage, aligning it with compliance requirements and industry standards.

    Other info

    Benefits

    Competitive salary plus discretionary annual bonus

    Flexible vacation policy – a minimum of 21 days with option to take more

    Life insurance x2 and disability insurance x2

    Medical insurance including free telemedicine, dental coverage

    Other healthcare benefits including hospitalization protection and free prescription glasses

    Flexible benefits including Gym discount, book discount (Bookster)

    Employee Wellbeing Assistance program – 24/7 free service for you and immediate family

    Enhanced Pension – III Pillar

    Enhanced parental benefits (bonus and gifts for children)

       
