Job title: GRC / TPRM Specialist in Information Security
Company: emergiTEL
Job description:
5+ years proven experience in GRC
Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks. (ex;. OnetTrust, Sentinel, Security Scrorecard, etc)
Good understanding of SOX IT General Controls (ITGCs) and compliance expectations related to external service providers.
Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
Practical experience with technology-related due diligence processes.
Langue : Bilingue ou AngloJob description:We are seeking to engage a consultant to support our Technology Third Party Risk Management (TPRM) program. The selected professional will work closely with the Information Security Governance, Risk & Compliance (GRC) team and other stakeholders to assess and monitor technology-related risks associated with external vendors. Scope of Work:
Support the Technology TPRM process by performing risk assessments of third-party vendors providing technology products or services.
Review and analyze vendor responses to cybersecurity and risk questionnaires, including relevant supporting documentation.
Identify and report control gaps, with a particular focus on risks that could impact SOx (Sarbanes-Oxley) compliance.
Conduct technology risk analysis, map mitigation action plans, and track the closure of identified risks.
Assess and report on residual risk levels, ensuring clear documentation and escalation of high-risk findings.
Assist in conducting technology due diligence for new and existing vendors.
Collaborate with internal teams (Procurement, Legal, Privacy, Architecture) to ensure vendor engagements align with internal policies, standards, and regulatory requirements.
Required Qualifications:
Proven experience in Technology TPRM and third-party risk assessments, including knowledge of cybersecurity and regulatory frameworks.
Solid understanding of SOx IT General Controls (ITGCs) and compliance expectations related to external service providers.
Demonstrated experience in technology risk analysis, action plan mapping, and residual risk management.
Practical experience with technology-related due diligence processes.
Strong analytical, communication, and documentation skills.
Ability to work independently and manage multiple priorities in a dynamic environment.
Expected salary:
Location: Brossard, QC
Job date: Sun, 06 Jul 2025 06:16:27 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck