Managing Consultant, Governance, Risk, & Compliance (GRC)
Toronto, ON, CA; Vancouver, BC, CA; Edmonton, AB, CA, T5J 0E5; Montréal, QC, CA; Calgary, AB, CA
Description
Join our team!
In today's rapidly evolving digital landscape, safeguarding our information is more critical than ever. At TELUS Security, we're not just keeping up—we're leading the charge. We confront the most formidable security challenges with unmatched expertise and state-of-the-art technology.
Are you ready to shape the future of cybersecurity? Step into a pivotal role as a Managing Consultant with our Security Professional Services team and make a lasting impact. Define your career with us and be part of a team that doesn't just protect but prevails.
We are currently recruiting for an experienced project-based Governance, Risk, and Compliance Management Consultant to join our team, focusing on long-term cybersecurity consulting projects with TELUS customers across Canada. This role requires a self-starter who provides consulting expertise to external TELUS clients. The ideal candidate must possess outstanding relationship skills and strong security knowledge as they deliver consulting engagements. Key responsibilities include security posture/maturity assessments, gap assessments, compliance readiness, and risk assessments for external clients. This highly consultative and collaborative role focuses on helping our customers achieve ambitious business and information assurance goals. This position is virtual/remote in nature, allowing you to “work from anywhere,” though up to 10% onsite work may be required based on client and project requirements.
Qualifications
You’re the missing piece of the puzzle:
You are likely in a similar GRC consulting role, with many of the following abilities and experience points:
- For this senior role, you bring ten or more years of experience working in IT and cybersecurity
- You are a leader in the Cybersecurity Assessment domain, with ten or more years of experience leading information security assessments, particularly utilizing standards such as NIST CSF, ISO 2700, CIS 18, and CMMC
- You are known for effective engagement management: You lead governance, risk and compliance engagements, including performing risk and gap assessments and security audits, from scoping and kick-off through to final delivery
- Relevant Professional Certifications that demonstrate expertise, such as ISO 27001 Lead Implementer/Lead Auditor, CISA, CISSP, CISM, CompTIA Security+, PCI DSS QSA, etc
- Project Ownership: You manage project timelines, supported by a Project Manager for large & complex deals, and deliver within the agreed-upon schedule and time allocation
- Policy and Procedure Development: You thrive on reviewing, authoring, or developing security policies and procedures and excel at executive level communications
- You have the ability to explain complex and technical cybersecurity concepts and controls to executive and non-technical audiences
- Virtual CISO Consulting Support: Your background includes supporting a variety of clients with varying compliance and security needs. You assist with client requirements scoping, pre-sales calls, proposal scoping, and statement of work development
- You bring technical foundation and infrastructure knowledge: An understanding of network-based security and technologies, such as firewalls and IPS, as well as of security infrastructure components associated with Cloud technologies and on-premises requirements
- Experience with Payment Card Industry PCI DSS audits is highly valued for this role
Great to haves:
We are especially motivated to connect with people who have one or more of the following:
- Regulatory Framework Knowledge: Knowledge of regulatory compliance frameworks that our client base is subject to (e.g., HIPAA, PCI-DSS, SOC 2, ISO 27001/2, NIST CSF, CMMC, etc.)
- Audit Preparation: Experience with assisting customers to prepare for their ISO 27001/SOC 2 audit
- Knowledge of Privacy Management practices and regulatory requirements, knowledge of PCI-DSS compliance audit, knowledge of vulnerability standards and knowledge of security architecture standards
- Language Skills: E-F bilingual or business level communication skills in both English and French are an asset
- Education: Related post-secondary education, with a University degree preferred
- Security Clearance: Government of Canada security clearance (Secret), or the ability to obtain specified clearance
The successful person will be subject to security and background checks and may need to meet eligibility requirements for access to classified information.
Advanced knowledge of English is required because you will on a regular basis interact in English with external parties (clients, suppliers, candidates, external partners, etc.); interact in English with internal parties (colleagues, internal partners, stakeholders, etc.); and work with IT tools whose interface is only accessible in English as part of this position's main responsibilities given its national scope.