Regulatory Risk & Compliance Specialist, Ontario

Expired
Tourism ID: 3357708555
500 CA$

Published 2025-11-05. Modified 2025-11-08.

Description

Senior GRC/S Specialist - Information Security Governance & Automation
Broadsign is a growing software company with a mission to make buying, selling, and delivering out-of-home media easier than ever.
Our software is operated by some of the most successful out-of-home businesses and powers impactful, compelling campaigns seen across the world.
Come light up the world as a Senior GRC/S Specialist in Montreal or Ontario (Hybrid).
We are seeking a highly motivated, experienced, and strategic GRC/S (Governance, Risk, and Compliance/Security) Specialist to join our dynamic team. In this critical senior role, you will play a pivotal part in shaping and executing our security assurance programs, primarily focusing on leading our SOC (Service Organization Control) audit processes and managing complex third-party security questionnaires and assessments. A significant aspect of this role will be driving the identification, implementation, and optimization of automation opportunities to enhance efficiency, accuracy, and scalability across our GRC/S functions.
Drive the collection of audit evidence, conduct thorough control walkthroughs, and ensure robust documentation.
Develop, maintain, and continuously improve control narratives, policies, and procedures to ensure ongoing SOC 1 & 2 compliance and audit readiness.
Develop and implement audit plans, ensuring alignment with organizational goals and risk appetite.
SIG, CAIQ, custom questionnaires) from key customers and partners, ensuring high-quality and timely submissions.
Design and execute thorough security assessments of third-party vendors and service providers, evaluating their security posture, contractual compliance, and alignment with our organizational risk appetite.
Champion and lead initiatives to automate repetitive GRC/S tasks, with a strong emphasis on evidence collection for audits, intelligent response generation for questionnaires, and continuous monitoring.
Develop and maintain sophisticated scripts or integrations to enhance data flow, collection, and reporting across various security and business systems.
Drive the continuous improvement of GRC/S processes, policies, and tools, fostering a culture of efficiency and innovation.
Provide expert guidance and mentorship to individual contributor team members and internal stakeholders on security best practices, compliance requirements, and risk management principles.
Stay ahead of the latest industry trends, regulatory changes, and emerging threats in the cybersecurity and GRC landscape, advising leadership on potential impacts and necessary adjustments.
Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent practical experience.
8+ years of progressive experience in a GRC, Information Security, or IT Audit role, with a strong emphasis on security compliance and assurance.
Demonstrated leadership experience in managing and successfully completing SOC 1 & 2 audits, including strategic planning, execution, and remediation oversight.
Deep understanding and practical experience leading the implementation and optimization of GRC automation tools and platforms (e.g., LogicManager, MetricStream, Archer, ServiceNow GRC, OneTrust, RiskRecon, Vanta, Drata, or similar).
Exceptional written and verbal communication skills, with the ability to articulate complex security and compliance concepts clearly and persuasively to senior leadership, auditors, and technical teams.
Proficiency and experience with advanced automation and data analysis.
Experience in a leadership, project management, or mentoring capacity.
Demonstrated experience working in a fast-paced, high-growth, agile environment.
In-depth knowledge of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP) security management.
Wellness: $500 annual Wellness fund for mental/physical health and office-related expenses.
Complete company insurance plan (health, dental, vision, travel) effective from day one (100% employer-paid). $500 annual Health Care Savings Account (HCSA) for additional health-related expenses. Unlimited access to virtual healthcare platform (Telus Health).
Paid Time Off: Minimum 3 weeks vacation, plus an additional week off during the holidays, 5 sick/personal days, and 2 volunteer days.
Retirement Savings: Transportation reimbursement for travel to a Broadsign office.
Parental leave salary supplement.
Training & development opportunities with a yearly budget to support professional growth.
At Broadsign, we value the varied social identities that make up our community. Our promise is to be an inclusive employer and partner, open to learning, with thoughtful strategies and practices that amplify the different voices of our industry.

Location

Ontario
Canada

Attributes

Job type Full time
Contract type Permanent
Salary type Weekly
Occupation Regulatory risk & compliance specialist
Broadsign
6 active jobs
Registered 2023-06-02
Canada

BroadSign International, LLC is the first global provider of cloud-based digital signage software. Its award-winning, automated approach to content management is mature, reliable and robust, and gives digital out-of-home networks an unlimited capacity for growth without adding personnel. BroadSign’s sophisticated platform and cost-effective line of smart players, BroadSign Xpress and BroadSign Xpress Pro, decrease the cost of network deployment. BroadSign’s constant growth, extensive customer base and dedication to predicting and responding to industry trends make its digital signage solutions a safe bet for the future of networks with even the most complex of requirements. For more information about BroadSign, visit http://broadsign.com.