At Aviso, we are dedicated to improving the financial well-being of Canadians. As a leading wealth management organization, we are committed to leadership, innovation, partnership, responsibility, and community. Working with talented and energetic professionals who exemplify our values every day, you will quickly notice that our people and dynamic ‘oneaviso’ culture sets us apart. If you are looking for interesting and challenging work, at a company committed to its people, find out more about what Aviso has to offer at www.aviso.ca.

The Opportunity:

We’re looking for an experienced Security GRC Specialist to join our growing Security GRC team.

Reporting to the Director of Security Governance, Risk & Compliance (GRC), the Security GRC Specialist will be responsible to govern the risk management lifecycle, including monitoring findings remediation, assurance programs and reporting appropriate metrics to the senior leadership.

Who you are:

Service – You consider both internal and external stakeholders and demonstrate intent of understanding and putting the clients’ needs first. You advocate service excellence and work to deliver solutions that meet the needs. You proactively develop strategic partnerships that allow Aviso Wealth to become a trusted advisor and partner
Execution – You are committed to achieving your goals and to succeed. This includes focusing on “getting things done”, as well as recognizing and taking advantage of opportunities as they arise. You are consistently looking for ways to improve your personal best and see value in continuous improvement. You take accountability for your actions and learn from mistakes
Collaboration – You work collaboratively with others with the common goal of driving positive results. Making meaningful contributions to your team to achieve organizational goals is a priority. You proactively encourage collaboration, build trust and inclusion, and work to establish effective relationships both inside and outside of the organization

What your day looks like:

Risk Management

Conduct risk assessments of IT infrastructure, applications, third parties, and critical processes to identify, assess and report on technology and cybersecurity risks

Track and Manage mitigation plans and ensure timely resolution
Support the development and maintenance of cybersecurity risk register KPI monitoring and reporting

Governance

Assist in development, review and maintenance of Technology & Cybersecurity Policies, Standards, and procedures
Ensure alignment of internal policies with industry frameworks (NIST, ISO, COBIT) ·
Support audits and board level reporting including preparing key metrics

Assurance

Monitor compliance with external regulatory and internal control requirements

Support internal and external audits · Conduct periodic control testing including design and operating effectiveness

Third Party Risk

Support vendor risk assessments, including reviewing response to questionnaire

GRC Tools ·

Maintain and enhance governance process through GRC tools (e.g., Archer, ServiceNow GRC, Resolver etc.)
Support reporting, dashboard creation and automation of risk and compliance processes

Your experience and skills:

Bachelors Degree in Information Security, Computer Science, Business, Risk Management or a related field

Relevant certifications such as CRISC, CISA, CISSP are an asset
5-8 years of experience in IT risk, cybersecurity risk, audit, compliance or equivalent roles
Working knowledge of IT governance frameworks and standards (e.g., NIST CSF, ISO 27001, ITIL)
Familiarity with regulatory and compliance requirements
Experience with GRC platforms and tools
Ability to work in a fast-paced environment and stay updated on emerging threats and vulnerabilities
Proactiveness, natural curiosity, a willingness to learn, adaptability in an evolving environment, and a strong problem-solving mindset
Ability to work across multiple business units and collaborate across teams
Fluent communication skills in English are required and bilingual skills in French are an asset

Aviso Wealth