Governance, Risk & Compliance Specialist
Open | Full Time | Toronto, ON
We’re Ten Thousand Coffees (10KC) and we believe that it's the informal moments with colleagues, mentors, and leaders where people learn and grow the most. Mentoring, networking, and informal talent development are where 85% of careers are found and 90% of learning happens, yet they are largely left to serendipity and chance (which can then lead to bias and nepotism). Building relationships leads to career development, new opportunities, breakthrough ideas and cultures where we feel like we belong.
We’re building the world’s best technology to deliver the best mentoring, networking and informal development experiences. 10KC offers innovative solutions to help clients evolve and adapt their current programs to address the challenges of the modern day workplace.
We’ve built award-winning partnerships to strengthen connectivity and talent development in enterprise, academic, and industry organizations. Our clients include Fortune 1000s like the Royal Bank of Canada (RBC), PwC, Adidas, General Electric, Telus, Johnson & Johnson, post-secondary academic institutions across Canada, and diversity networks like Ascend and Black Professionals In Tech Network (BPTN). We have big plans to grow and are building a world-class team to help us meet (and exceed!) our ambitious goals.
Our team is currently seeking a Governance, Risk & Compliance Specialist.
- Please note that our system displays PDF resumes more clearly and preserves your formatting. Other formats will work, but PDF is preferred.
- Think you're a great fit for this role but don’t meet 100% of the criteria listed below? Apply anyway - we'd love to speak with you if you meet most of the requirements!
10KC is permanently remote and building a digital-first culture. We welcome applications from across Canada.
10KC is looking for a Governance, Risk and Compliance Specialist to help sustain and grow our Information Security Compliance & Governance practice. Reporting to the CTO, you’ll be primarily responsible for the governance and compliance management of 10KC’s internal controls.
You’ll develop scalable programs that minimize the risk of data exposure and data misuse and ensure adherence to regulatory guidelines and industry best practices (e.g., HIPAA, PII protection, PCI-DSS, SOX, STARS, NERC-CIP) for 10KC products and operations.
You’ll work closely with Engineering and other cross-functional teams to identify security risks and make recommendations to the CTO regarding the adequacy of the security controls for 10KC’s information and technology systems.
What you’ll do
- Research and maintain updated knowledge on current, new, and developing legal, regulatory and contractual requirements to properly assist with client requirements scoping and pre-sales calls.
- Perform internal audit and risk assessments of 10KC.
- Effectively and appropriately communicate audit engagement reports and recommendations to 10KC management and resolve any partner concerns or questions.
- As a champion for continuous improvement, you’ll create and maintain solutions that uphold 10KC’s continuous compliance with a broad set of ever-changing industry standards and regulations.
- Meet/exceed defined contribution goals for the services you deliver and monitor key performance indicators (KPIs) for GRC programs.
- Participate in external audits, including SOC 2 and ISO 27001 reporting, and client reviews (client audits, due diligence, vendor risk assessments, etc.).
- Review security posture of third party service providers.
What you’ll bring
- Significant experience leading information security audits, particularly SOC 2, ISO 27001 and NIST, and executing scalable Governance, Risk Management & Compliance initiatives for a high-growth B2B SaaS company.
- Experience authoring and implementing policies, procedures and controls making you the go-to person for solving security and compliance related problems.
- Enough Information Technology and Information Security experience to contextualize and make relevant and valuable recommendations.
- A highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
- Experience with the many regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII protection, PCI-DSS, SOX, STARS, NERC-CIP).
- Certifications that demonstrate expertise would be considered an asset (e.g., ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, CISSP, MCSE, CEH, OSCP).
- Familiarity with related standards (e.g., SSAE 18 (formerly SSAE 16) SOC 1, SOC 2, ISO 22301, ISO 9001).
- Experience completing and maintaining security questionnaires (e.g., SIG 2022, CAIQ v4.0.1, CIS Controls v8).
- Effective and proactive written and verbal communication skills.
- Related post-secondary education, University preferred.
- CPA designation is considered an asset.
- Experience with cloud compliance assessments and audits is considered an asset.
- Experience with compliance automation tools is considered an asset (e.g., Drata, Vanta, Tugboat Logic, etc.).
Expected salary range: $110,000-$150,000 base (+ performance bonus + equity)
More About 10KC
At 10KC, we are dedicated to building a diverse and inclusive community, one where employees feel a sense of belonging and are valued for their contributions and the perspectives they bring. We celebrate and support our differences. In 2021 we welcomed new team members who are BIPOC, LGBTQ+, and neurodiverse (and we’ll continue to hire more in 2022!). Our mission is to democratize opportunity through the power of human connection. 10KC is proud to be an equal opportunity employer. We strongly encourage everyone to apply, whatever your background, race, creed, sex, gender, orientation or religion, and including people living with disabilities and foreign-born residents - you belong here!
Benefits and Perks
- Comprehensive health & dental benefits
- Employee assistance program (support for mental health, family & relationship, child & eldercare, work & career, legal, financial, and more)
- Flexible time off (vacation days, flex days, health days, winter holiday closure, Summer Fridays)
- Home office set up allowance
- Monthly fitness stipend
- Monthly internet and phone stipend
- Parental benefits program
- Permanently remote in Canada (options to work short-term abroad)
- Flexible working hours to suit your lifestyle and needs