
Welcome to careers at Malleum

GRC Consultant (Governance Risk & Compliance) - Future Opportunities

remote
Ottawa, Ontario, Canada
contract, June 10, 2024

Description

*** Please note, this posting is for future opportunities within Malleum. By submitting your resume, you understand that this is for upcoming positions. ***

Explore Malleum 

We’re looking for someone who shares our passion for information security, a team player who loves to collaborate, a curious and creative mind that enjoys learning, and a trusted partner who wants to grow with us.

Not only do we offer internal opportunities within Malleum, but we are always on the hunt for skilled contractors to work with our many clients. If you're interested in contract work, please indicate such on your profile and we'll be in touch!
 
Why join the Malleum team? 

Countless opportunities to learn and develop in your career while working closely with top leaders and a high-performing team. Contribute to meaningful work that directly impacts the organization and gain the freedom needed to be innovative and become a leader in your role. We are proud of maintaining a considerate environment that holds a focus on employee well-being.

If you join the Malleum team as a full-time employee, you'll get to experience these great perks:

Our Culture 
  • 100% Work from Home/Remote 
  • Flexible Hours  
  • Monthly Health & Wellness Initiatives  
  • Lunch & Learn Initiatives  
 
Benefits:  
  • Stock Option Plan 
  • GRSP (RRSP Matching) 
  • Competitive salary 
  • Annual Professional Development Fund 
  • Comprehensive Health & Dental Group Benefits 
 
Work/Life Balance  
  • Generous Paid Time-Off (public holiday, personal & vacation leave) 
  • Annual Holiday Shutdown (2 weeks off in December)

Want to work on your own? We hire independent contractors and consultants in this field too! Let's chat more about the contracts we have - apply today!

What you will do 
 
  • Evaluate client needs and translate those needs into well-scoped statements of work.
  • Develop proposals for GRC consulting services to our clients while collaborating with the sales team. 
  • Plan and lead GRC assessments and consulting engagements for clients requiring GRC support or services 
  • Conduct audit and risk assessments alone and as part of a multi-disciplinary team 
  • Effectively manage project deadlines, and collaborate with the team to provide agreed-upon project timelines, schedules and time allocation
  • Report to company directors and other stakeholders about ongoing projects
  • Carry out research to gain an understanding of clients’ business and GRC needs 
  • Provide guidance on building and maturing information security programs and the implementation of tools and technologies used for enterprise security 
  • Develop policies and procedures for clients as well as collect/analyse data to prepare reports 
  • Engage with clients to address concerns and issues or create escalations, and track all issues that impact the service and its value to clients
  • Design and implement service delivery collateral and highlight areas for improvement and risk reduction 
  • Present recommendations to the client as well as provide continuous implementation support 
 
Who you are  
 
  • Bachelor’s degree (Computer Science, Management Information Systems, Business Technology Management, or another relevant field) 
  • 3-5 years of experience in a Cybersecurity consulting environment with a passion for governance, risk, and compliance 
  • Excellent written and verbal communication skills with high attention to detail and accuracy 
  • Demonstrated interpersonal skills and professional experience with ability to efficiently network and build relationships with client groups and internal teams 
  • Solid knowledge and understanding of information risk concepts and principles 
  • A sound understanding of the components that comprise a successful information security program 
  • Relevant experience with industry best-practice approaches to the governance, operation, and management of IT systems (e.g. NIST, ISO 27000, SANS Critical Controls, ITIL, COBIT, ISO 31000, etc.)
  • Technical knowledge of business and cybersecurity risk
  • Strong stakeholder management skills including CISOs and external regulators 
  • Ability to define and deliver training exercises, workshops, presentations, and briefings 
  • Ability to successfully interface with clients and manage expectations 
  • Ability to document and explain technical details in a clear and concise manner 
 
Bonus points… 
  • Experience in offensive security methods  
  • Experience with vulnerability assessment tools and methods  
  • Relevant certifications such as CISSP, CRISC, CISM, CISA 
 
 
Security Clearance 

Fulfill requirements to apply for SECRET level II 
Eligibility for Security Clearance: Canadian Citizen or Permanent Resident 
