Venor is proud to partner with Prevalent in their search for a GRC Risk Consultant. Named a 2022 Gartner Peer Insights Customers’ Choice for IT Vendor Risk Management Tools, Prevalent is expanding its Canadian engineering team in response to record-breaking growth. The Prevalent Third-Party Risk Management (TPRM) platform is a unified SaaS solution that combines automated, standardized risk assessment with continuous risk monitoring, assessment workflow, and remediation management across the entire third-party lifecycle. Their software and services enable you to eliminate the security and compliance exposures that come from working with vendors, suppliers, and other third parties – from sourcing to offboarding.
Prevalent has over 120 employees across the US, UK, and Canada. The ideal candidate will work in a hybrid, remote-first work environment from Ottawa, Ontario.
Prevalent is seeking a highly skilled GRC Risk Consultant with extensive experience in ISO 27001, NIST, SOC 2, and other related risk frameworks. The ideal candidate will have a strong background in information security, risk assessment, and compliance, and will advise clients on best practices to mitigate risks and ensure compliance with relevant standards. As a Risk Consultant, you will conduct risk assessments and gap analyses using frameworks like ISO 27001, NIST, and SOC 2, while developing and maintaining information security management systems (ISMS) to meet ISO 27001 standards. You will also guide clients through the implementation of NIST frameworks (CSF, SP 800-53), SOC 2 Trust Service Criteria, SOC 1, HITRUST, and ESG standards.
Key responsibilities include performing security and risk audits, creating reports for client third parties, and developing content for surveys related to Information Security, ESG, and Financial and Business frameworks. Additionally, you will develop customized risk management strategies, monitor the effectiveness of security controls, and stay up-to-date with industry trends.
While the role is 80% home-based remote work, there will be occasional requirements for onsite visits or office attendance in Ottawa, as well as collaboration with teams to integrate risk management into business operations.
Desirable Experience
- Experience with additional frameworks such as GDPR, HIPAA, PCI-DSS, COBIT and DORA.
- Familiarity with risk assessment tools and software.
- Experience in incident response and crisis management.
- Knowledge of cloud security and emerging technologies.
- Experience in Vulnerability and Threat Management.
- Experience in Business Monitoring.
- Ability to utilize knowledge and experience to manage multiple projects and deadlines effectively.
- Fluency in written and verbal English.
- An enthusiastic and positive attitude.
- Strong interpersonal skills required to build relationships.
- Strong communication and presentation skills.
What we are looking for:
- Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degree preferred.
- Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
- Minimum of 5 years of experience in risk management, information security, or compliance consulting.
- In-depth knowledge of ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, and other relevant frameworks and standards.
- Proven experience in developing and implementing ISMS and cybersecurity frameworks.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and presentation skills, with the ability to explain complex concepts to non-technical stakeholders.
- Ability to manage multiple projects and meet deadlines in a fast-paced environment.
- High level of integrity, professionalism, and attention to detail.
What’s in it for you:
- Hybrid Working Model with 80% home-based work
- Unlimited PTO
- RRSP matching
- Health and dental coverage
- A talented team of peers and leaders to collaborate with and learn from
- Personal and professional growth opportunities
At Venor, we embrace a culture of belonging in the workplace. No matter who you are, where you’re from, how you think, what you believe in, or who you love, we welcome your application. We all come from different backgrounds and different walks of life, bringing in unique perspectives and experiences. We encourage applications from 2SLGBTQ+, Black, Indigenous, and People of Colour (BIPOC), women, newcomers to Canada, and people with disabilities. If you require any accommodation in the application and interview process, please let us know (including different materials or otherwise).
For more information on this exciting opportunity, please reach out to Craig Coady at craig@venor.ca or Anna Bryant at anna@venor.ca.