Senior Information Security Specialist (Governance and Risk)

Senior Information Security Specialist (Governance and Risk)

Who We Are:  

Headquartered in Canada with locations across the United States and around the globe with a footprint on six continents, Bulletproof, a GLI company has decades of technology, security, and compliance expertise. Bulletproof’s work in the security space has been recognized nationally and globally with Microsoft’s global Security Partner of the Year in 2021 and five Microsoft Canada Impact Award wins from 2019 to present-day.  
 
At Bulletproof, our vision is to serve, secure, and empower the world through people and technology; one customer at a time. We believe everyone has the right to feel safe and secure. Our mission is to serve and protect organizations to ensure their success. 
  
What we have to offer 

•    Challenging Work - We love solving highly complex problems. Across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they're passionate about. 
•    Great People - We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success. 
•    Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large. 
•    Diversity, Equity and Inclusion - We celebrate each other’s differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen. 
 

About the Job:

The Senior Information Security Specialist (Governance and Risk) works closely with the broader Information Security team to deliver service directly to clients. It is responsible for diving deep into a client organization, conducting risk assessments, leading client security governance meetings, creating policies, implementing information security programs, assessing compliance, and guiding an organization through information security changes.
You will have proven risk and governance experience and building security programs.
 
Duties and Responsibilities:
 
• Consulting and acting as the expert to find the intersection of business process, technical infrastructure and compliance laws, rules, and regulations as it relates to clients.
• Perform or guide an assessment from start to finish with a risk-based approach the client's security posture by identifying findings and providing recommendations to reduce risks.
• Working with clients to Implement Information Security Risk Management programs.
• Working with clients to create written information security plans and/or system security plans, creating and updating policies based on changing security or compliance requirements, business processes and/or provincial/state/federal regulations.
• Providing ongoing guidance and project/program management for client’s information security programs, including consulting with clients, advising on compliance, guiding through information security implementation and compliance situations.
• Leading governance meetings, planning meetings, client training, and tabletop exercises.
• Designing future state from a pragmatic standpoint and advise clients on prioritization to improve their security posture.
• Creating presentations and trainings that are easy to understand, user friendly, and align with company culture.
• Assessing third-party supply chain risks.
• Assessing Information Security and Technology risks.
• Monitoring industry standards and frameworks.
• Defining, improving, and guiding procedures, tools, and reporting practices in GRC.   
• Provides support to project scoping and engagement planning, including participating in kick-off meetings, promptly supporting project manager requests, supporting technical inquiries for sales or marketing, responding to complex client technical queries.
• Supports practice leads by performing specific team leadership tasks as assigned, such as hosting team meetings or calls, acting as an owner for specific team organizational processes, or ensuring specific project goals are on track.
 
Required Education and Credentials:
 
• Bachelor’s degree in any subject area or equivalent experience.
• Information Security certifications such as CISM, CISSP, CRISC, CDPSE, GRCP are considered an asset but not required.
 
Skills and Experience:
 
• Minimum seven years leading and implementing information security programs experience.
• Three years of business consulting experience.
• Proactive in identifying and resolving issues and working through challenges with a positive attitude.
• Empathetic team member able to build strong relationships with clients and team members.
• Strong written and oral communication skills.
• Critical eye for details.
• Able to work effectively with minimal supervision.
• Excellent time management, task planning, and prioritization skills.
• Strong proactive project management skills.
• Understanding of Business Management.
• Knowledge of Security technology and cloud environments.
• Knowledge of security and privacy frameworks/standards.
• Able to adapt quickly to changing client and team requirements.
• Proficient with Microsoft Office Suite of Tools
• Leadership and relationship-building skills.
• Able to meet deadlines.
• Able to document issues, alternatives, and recommendations in an effective manner suitable for executive consumption.

Equal Opportunity Statement:  
  
Bulletproof is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Bulletproof is also committed to compliance with all fair employment practices regarding citizenship and immigration status.