GRC / TPRM Specialist in Information Security-79876
Brossard, QC
5+ years of proven experience in GRC
Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks (e.g., OneTrust, Sentinel, SecurityScorecard, etc.).
Good understanding of SOX IT General Controls (ITGCs) and compliance expectations related to external service providers.
Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
Practical experience with technology-related due diligence processes.
Language: Bilingual or English
Job description: We are seeking to engage a consultant to support our Technology Third Party Risk Management (TPRM) program. The selected professional will work closely with the Information Security Governance, Risk & Compliance (GRC) team and other stakeholders to assess and monitor technology-related risks associated with external vendors.
Scope of Work:
Support the Technology TPRM process by performing risk assessments of third-party vendors providing technology products or services.
Review and analyze vendor responses to cybersecurity and risk questionnaires, including relevant supporting documentation.
Identify and report control gaps, with a particular focus on risks that could impact SOX (Sarbanes-Oxley) compliance.
Conduct technology risk analysis, map mitigation action plans, and track the closure of identified risks.
Assess and report on residual risk levels, ensuring clear documentation and escalation of high-risk findings.
Assist in conducting technology due diligence for new and existing vendors.
Collaborate with internal teams (Procurement, Legal, Privacy, Architecture) to ensure vendor engagements align with internal policies, standards, and regulatory requirements.
Required Qualifications:
Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks.
Solid understanding of SOX IT General Controls (ITGCs) and compliance expectations related to external service providers.
Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
Practical experience with technology-related due diligence processes.
Strong analytical, communication, and documentation skills.
Ability to work independently and manage multiple priorities in a dynamic environment.