Governance, Compliance and Risk Specialist - Toronto, Canada - Re-Solved

Re-Solved
Verified Company
Toronto, Canada

2 weeks ago

Posted by: Sophia Lee, beBee Recruiter


Description

Canada (Remote):


About reSolved:


We partner with organizations that do good, so they can be better. Because we believe there is always a better way. Our clients have a clear purpose and vision. They are the leaders, innovators, allies, and dynamos solving society's complex challenges and making the world a better place. reSolved is the silent partner that helps purpose-driven organizations succeed. We empower our clients to deliver greater impact now and into the future, by making their technology work for them and bringing their people, processes, and meaningful results into focus. We give our clients the tools and knowledge to do what they do, better and more efficiently. Our team has implemented best-in-class technologies for some of the largest, high profile philanthropic organizations, multinational corporations, government agencies, and research institutions, bringing decades of deep knowledge and expertise to help them create lasting change in 100 countries using solutions in 12 languages throughout the United States, Europe, Asia, and Canada.


We have grown by 250% in the last three years and now have people in Canada, the US, India, and Europe, with office locations in Toronto and Ireland.

If you love solving problems and you thrive in diverse teams and developing solutions to complex challenges, this is a great role for you.


What will your day look like:

Governance, Risk and Compliance

  • Leads the design, implementation, operation, maintenance, and continual improvement of the Information Security Management System (ISMS) in accordance with evolving standards: ISO 27001, Cyber Essentials, and others.
  • Identifies, and ensures operational compliance with applicable legal, contractual, and regulatory
  • Leads the internal and external ISMS audit processes, establishing audit plans to ensure ongoing
  • Accountable for Business Continuity plan design and maintenance and educates staff as needed.
  • Develops plans to treat control gaps, nonconformities, exceptions, and risk treatment plans.
  • Leads the corporate and information security risk management process, including identification, evaluation, and treatment.
  • Develops policies, procedures, and documentation for effective ISMS implementation and management;
  • Updates and monitors company policies and procedures to ensure consistent, effective practices.
  • Monitors and measures the effectiveness of controls, information security objectives, and ISMS performance metrics, and reports on these to Executive Management.
  • Ensures the ISMS is effectively communicated with internal and external interested parties.
  • Implement and maintain reSolved's GRC system.
  • Create, manage and update internal reSolved legal agreements, policies, and related templates.
  • Reviews key documents with legal counsel.
  • Review, draft, and negotiate external/client agreements and policies.
  • Manage library of legal and compliance documentation.
  • Other duties as assigned.

Privacy

  • Ensures reSolved's compliance with applicable jurisdictional privacy laws.
  • Drafts and maintains contracts related to privacy and data protection between reSolved and its clients, staff, subcontractors and other parties.
  • Develops and reviews existing policies, procedures and practices related to privacy, and periodically updates in the case of changes to laws, regulatory or organizational policy.
  • Maintains up-to-date knowledge, and conducts research on applicable privacy and security compliance laws, regulations, and accreditation standards.
  • Provides training and educational content for staff, new hires, clients, and prospects.
  • Liaises with clients regarding legal and technical inquiries related to privacy.
  • Conducts data protection compliance reviews and risk assessments to ensure privacy program
  • Accountable for Incident and Breach Management through data breach investigation, communication, and documentation.
  • Other duties as assigned.

What you bring:


Requirements:


  • A Bachelor's degree in related field (or equivalent work experience)
  • 4+ years' experience in a similar risk management, privacy and compliance role.
  • Demonstrated experience in a consulting or SaaS technology services company.
  • Demonstrated experience with ISO 27001 or 9000 series Certification
  • Proficient in Incident Management and Response
  • In-depth knowledge of security concepts such as cyberattacks and techniques, threat vectors, risk management, incident management, etc.
  • Thrives in a fast-paced working environment.
