Senior GRC Specialist

The Ontario Cannabis Store provides safe, responsible access to recreational cannabis for adults 19 and older .

We operate the provincial online store for recreational cannabis in Ontario and are the exclusive provincial wholesaler to authorized private retail stores.

Working at the OCS is a unique opportunity to be part of an agile start-up in a ground-breaking new industry.

We’re a diverse team passionate about delivering a great customer experience, working together with mutual respect and building value out of our differences.

We’re an inclusive organization that understands that delivering great results comes out of ensuring every voice is heard.

About the Role We are hiring for Senior GRC Specialist This individual along with their peers will be responsible, for operational activities, executing our IT GRC program, developing expertise in using ServiceNow’s GRC tool as well as providing recommendations across all GRC domains, and at times leading the implementation of improvements both across IT and to mature our GRC program.

The Senior GRC Specialist will also keep up to date in their field, across all domains, including changes to industry standards, emerging threats, best practices as well as changes to the technologies used and the threats presented to ensure risks are accurate and recommendations are precise and relevant.

The Senior GRC Specialist will support and coordinate audits for IT, both external and internal, ensuring the artifacts provided satisfy the request from the auditor.

About Your Day Responsible for writing, or advising regarding Information Technology Policies, Standards, Guidelines, Procedures, Plans, Playbooks & SOPs Ensuring policies and procedures are reviewed and documented on schedule & communicated to all relevant parties in compliance with OCS processes Responsible for performing gap analysis of IT governance and remediating gaps Performing all aspects of a risk management program including assessing risk, documenting technical details as well as documenting risk in a way that is easily understood by non-technical individuals Performing risk assessments of vendors, generating final reports, presenting to leadership including SLT and providing advice in order to improve processes Support audits, both internal and external while building trust and maintaining positive working relationships with internal and external auditors Execute the compliance attestation in Service Now’s GRC module tracing controls to frameworks Maintain the platform from an operational perspective, ensuring controls are assigned to the correct parties, attestations are completed correctly and on time, while maintaining expectations Ensure GRC’s compliance program has sufficient coverage across critical controls including those outside of the platform Develop compliance controls where required and add them to the platform where practical and effective About You Bachelor’s Degree or higher in Information Security, Computer Science, Information Technology, Engineering or equivalent work experience 7 years of progressive work experience in GRC or Information Security including vulnerability assessments/remediation and security operations Certifications in one or more of the following areas: CISSP, CISA, CRISC, CISM, GRCP, CGRC, GIAC Knowledgeable of CIS, ISO 27001, COBIT, NIST and related industry standards/frameworks Intermediate to advanced knowledge of Threat Risk Assessment (TRA) design and delivery Remote Work This position offers a Hybrid work schedule.

You will be required to be in the office a minimum of 1 day each week, with the ability to work from home for the remaining workdays (subject to specific business needs requiring office attendance).

When working from home, a reliable internet connection is required.

Remote work is supported with cloud-based applications and collaboration tools (i.e., MS Teams) About the Job City: Toronto, ON Employment Type: Permanent, Full Time Required Travel: none We are committed to providing an accessible, equitable and inclusive candidate and employee experience.We provide reasonable accommodation throughout the recruitment process and in employment.

If you require an accommodation, please let us know, we will work with you to meet your needs.