Governance, Compliance and Risk Specialist

Canada (Remote)

About reSolved

We partner with organizations that do good, so they can be better. Because we believe there is always a better way. Our clients have a clear purpose and vision. They are the leaders, innovators, allies, and dynamos solving society’s complex challenges and making the world a better place. reSolved is the silent partner that helps purpose-driven organizations succeed. We empower our clients to deliver greater impact now and into the future, by making their technology work for them and bringing their people, processes, and meaningful results into focus. We give our clients the tools and knowledge to do what they do, better and more efficiently. Our team has implemented best-in-class technologies for some of the largest, high-profile philanthropic organizations, multinational corporations, government agencies, and research institutions, bringing decades of deep knowledge and expertise to help them create lasting change in 100 countries using solutions in 12 languages throughout the United States, Europe, Asia, and Canada.

We have grown by 250% in the last three years and now have people in Canada, the US, India, and Europe, with office locations in Toronto and Ireland. If you love solving problems and you thrive in diverse teams and developing solutions to complex challenges, this is a great role for you! You can learn more about our culture, values, and clients here.

What will your day look like

Governance, Risk and Compliance
  • Leads the design, implementation, operation, maintenance, and continual improvement of the Information Security Management System (ISMS) in accordance with evolving standards: ISO 27001, Cyber Essentials, and others.
  • Identifies, and ensures operational compliance with applicable legal, contractual, and regulatory
  • Leads the internal and external ISMS audit processes, establishing audit plans to ensure ongoing
  • Accountable for Business Continuity plan design and maintenance and educates staff as needed.
  • Develops plans to treat control gaps, non-conformities, exceptions, and risk treatment plans.
  • Leads the corporate and information security risk management process, including identification, evaluation, and treatment.
  • Develops policies, procedures, and documentation for effective ISMS implementation and management;
  • Updates and monitors company policies and procedures to ensure consistent, effective practices.
  • Monitors and measures the effectiveness of controls, information security objectives, and ISMS performance metrics, and reports on these to Executive Management.
  • Ensures the ISMS is effectively communicated with internal and external interested parties.
  • Implement and maintain reSolved’s GRC system.
  • Create, manage and update internal reSolved legal agreements, policies, and related templates.
  • Reviews key documents with legal counsel.
  • Review, draft, and negotiate external/client agreements and policies.
  • Manage library of legal and compliance documentation.
  • Other duties as assigned.

Privacy
  • Ensures reSolved’s compliance with applicable jurisdictional privacy laws.
  • Serves as the subject matter expert on global privacy and data protection laws as we operate in three countries.
  • Drafts and maintains contracts related to privacy and data protection between reSolved and its clients, staff, subcontractors and other parties.
  • Develops and reviews existing policies, procedures and practices related to privacy, and periodically updates in the case of changes to laws, regulatory or organizational policy.
  • Maintains up-to-date knowledge, and conducts research on applicable privacy and security compliance laws, regulations, and accreditation standards.
  • Provides training and educational content for staff, new hires, clients, and prospects.
  • Liaises with clients regarding legal and technical inquiries related to privacy.
  • Conducts data protection compliance reviews and risk assessments to ensure privacy program
  • Accountable for Incident and Breach Management through data breach investigation, communication, and documentation.
  • Other duties as assigned.

What you bring

Requirements
  • A Bachelor’s degree in a related field (or equivalent work experience)
  • 4+ years’ experience in a similar risk management, privacy and compliance role.
  • Demonstrated experience in a consulting or SaaS technology services company.
  • Demonstrated experience with ISO 27001 or 9000 series Certification
  • Proficient in Incident Management and Response
  • In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, etc.
  • Thrives in a fast-paced working environment.
  • Knowledge of applications, databases, and middleware to address security threats

Only shortlisted candidates will be contacted for an interview. No phone calls, please. The successful candidate must be residing in Canada, have a valid work permit and be legally eligible to work in Canada, bondable and willing to participate in a security background check.

We are committed to building an intentionally inclusive environment that engages, supports, and empowers employment equity and diversity in the workplace and communities served. We welcome applications from women, racially visible individuals, people with disabilities, Indigenous peoples, and LGBTQ+ persons.

reSolved is all about doing business inclusively and we are committed to providing accessible employment practices. We encourage you to connect with us at hr@re-solved.ca if you require an accommodation in the recruitment process or need this job posting in an alternative format. We’d love to hear from you!
