Requirements
- Extensive hands-on expertise in cloud infrastructure design, data protection methods, secure application development, and identity and access management frameworks.
- Completion of advanced academic work in cybersecurity, computer science, information technology, or a related discipline.
- Strong proficiency in written and spoken communication, with demonstrated ability to engage and coordinate with both technical teams and executive leadership.
- Minimum of five years in governance, risk, and compliance roles, including at least three years managing third-party or vendor risk programs.
- In-depth applied understanding of widely recognized security audit frameworks and standards such as SOC 2, ISO 27001, SIG, and CSA STAR.
- Proven experience using GRC tools like ServiceNow GRC or Archer to automate compliance and risk assessment workflows.
- Background in reviewing and negotiating legal agreements with attention to security provisions and service-level commitments.
- Professional experience managing risk across international vendor ecosystems and diverse regulatory environments.
Nice to Have
- Recognized certifications such as CRISC, CTPRP (Certified Third-Party Risk Professional), or CISA.