GRC Specialist

Overview:

Guidepoint's Engineering team thrives on delivering innovative technology solutions that accelerate revenue growth, reduce costs, and increase efficiency and productivity. As Guidepoint achieves its mission of making individuals, businesses, and the world smarter through personalized knowledge-sharing solutions, the engineering team is taking on challenges to create new products and improve existing platforms to optimize the seamless delivery of our services.

The GRC Specialist works with the Information Security Team in a global environment. The incumbent coordinates and performs Security Governance, Risk, and Compliance assessments under the direction of the Head of Information Security. This position ensures the administration of internal controls, policies, and procedures are maintained along with handling audits, risk assessment, soc2 controls and process, and other frameworks, including regulatory matters.

This is a hybrid position out of our Toronto office. 

What You’ll Do: 

• Administer GRC (governance, risk, and compliance), security controls, risk assessments, security compliance, testing, and regulatory requirements that align with Guidepoint’s objectives and obligations.
• Perform due diligence on Guidepoint’s security controls and defined standards and update existing policies and procedures to manage and respond to change and new initiatives.
• Perform and investigate incidents and exceptions to remediate process/control failures.
• Manage SOC2 Compliance and other security frameworks and regulations: GDPR, Data Classification, etc.
• Assess and Manage Vendor services and agreements.
• Coordinate security practices such as Business Continuity Process, DR and Pen Testing, etc.
• Perform recurring security training, employee security assessments and training.
• Document incident responses, reports,
• Collaborate with technical, business and legal leadership.
• Develop reporting metrics, dashboards, and evidence artifacts.
• Assist security staff in other related security program functions.
• Continue knowledge of best practices and technological advancements.

What You Have: 

• Bachelor's degree from an accredited college/university with major / degree preference, as applicable 
• 4-10 years of information security governance, risk assessment, compliance principles, laws, and regulations.
• Information Security processes, operations, cloud infrastructure, data architecture, and controls.
• Knowledge of cyber security standards, and frameworks (SOC2, PCI-DSS,  NIST, etc.)
• Information Security audits and assessment processes; incident responses.
• Maintaining confidentiality when handling sensitive situations, data, etc.
• Communication and presentation skills in articulating technical definitions and terms to diverse audiences.

What We Offer: 

• Paid Time Off
• Comprehensive benefits plan
• Company RRSP Match
• Development opportunities through the LinkedIn Learning platform

About Guidepoint: 

Guidepoint is a leading research enablement platform designed to advance understanding and empower our clients’ decision-making process. Powered by innovative technology, real-time data, and hard-to-source expertise, we help our clients to turn answers into action. 

Backed by a network of nearly 1.5 million experts and Guidepoint’s 1,300 employees worldwide, we inform leading organizations’ research by delivering on-demand intelligence and research on request. With Guidepoint, companies and investors can better navigate the abundance of information available today, making it both more useful and more powerful. 

At Guidepoint, our success relies on the diversity of our employees, advisors, and client base, which allows us to create connections that offer a wealth of perspectives. We are committed to upholding policies that contribute to an equitable and welcoming environment for our community, regardless of background, identity, or experience. 

#LI-NJ1

#LI-HYBRID