GRC / TPRM Specialist in Information Security

emergiTEL
Job title: GRC / TPRM Specialist in Information Security
Company: emergiTEL
Job description:
- 5+ years proven experience in GRC
- Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks (e.g., OneTrust, Sentinel, Security Scorecard, etc.).
- Good understanding of SOX IT General Controls (ITGCs) and compliance expectations related to external service providers.
- Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
- Practical experience with technology-related due diligence processes.
Language: Bilingual or Anglo
Job description: We are seeking to engage a consultant to support our Technology Third Party Risk Management (TPRM) program. The selected professional will work closely with the Information Security Governance, Risk & Compliance (GRC) team and other stakeholders to assess and monitor technology-related risks associated with external vendors.
Scope of Work:
- Support the Technology TPRM process by performing risk assessments of third-party vendors providing technology products or services.
- Review and analyze vendor responses to cybersecurity and risk questionnaires, including relevant supporting documentation.
- Identify and report control gaps, with a particular focus on risks that could impact SOx (Sarbanes-Oxley) compliance.
- Conduct technology risk analysis, map mitigation action plans, and track the closure of identified risks.
- Assess and report on residual risk levels, ensuring clear documentation and escalation of high-risk findings.
- Assist in conducting technology due diligence for new and existing vendors.
- Collaborate with internal teams (Procurement, Legal, Privacy, Architecture) to ensure vendor engagements align with internal policies, standards, and regulatory requirements.
Required Qualifications:
- Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks.
- Solid understanding of SOx IT General Controls (ITGCs) and compliance expectations related to external service providers.
- Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
- Practical experience with technology-related due diligence processes.
- Strong analytical, communication, and documentation skills.
- Ability to work independently and manage multiple priorities in a dynamic environment.
Expected salary:
Location: Brossard, QC
Job date: Sun, 06 Jul 2025 06:16:27 GMT
To apply for this job please visit jobviewtrack.com.