Lead Specialist, Security GRC

Montreal, QC, Canada

Job Description

Our culture lifts you up--there is no ego in the way. Our common purpose? We all want to win for our customers. We aim to always be evolving, dynamic, and ambitious. We believe in the power of genuine connections. Each employee is a part of what makes us unique on the market: agile and dedicated.
Time Type: Regular
Lead Specialist, Security GRC
POSITION SUMMARY
As the Lead Specialist for Governance, Risk, and Compliance (GRC), you will operate as a senior individual contributor driving the maturity of our information security program. You will take ownership of critical GRC processes, including security and IT policy development, framework implementation, risk assessment, maintaining the risk register, regulatory monitoring, audit management, and reporting. A key component of this role is providing mentorship to junior analysts and directly contributing to the continuous improvement of the organization's overall security governance, risk posture, and compliance.
KEY RESPONSIBILITIES
Strategic GRC Leadership & Program Management
Lead the development, review, and continuous improvement of information security policies, standards, baselines, and guidelines, ensuring they are comprehensive, enforceable, and strategically aligned.
Drive the implementation and operationalization of security governance frameworks (e.g., NIST CSF, ISO 27001) across diverse organizational functions, acting as a primary subject matter expert.
Contribute to the development of the Information Security strategy and roadmap based on observed security gaps and evolving GRC requirements.
Provide expert guidance and interpretation of security policies and standards to IT teams, business units, and project teams.
Contribute to GRC program maturity assessments and the development of strategic improvement plans.
Advanced Risk Management & Influence
Lead and execute complex security risk assessments (e.g., enterprise-wide, application-specific, third-party) to identify, analyze, and evaluate security risks to information assets and business processes.
Develop detailed risk reports and mitigation strategies, articulating complex architectural risks clearly and influencing enterprise-level risk decisions by highlighting their potential business impact to executive stakeholders.
Produce and maintain comprehensive risk assessments for each business project.
Develop detailed risk reports and mitigation strategies, articulating technical risks clearly to both technical and non-technical stakeholders, including executive leadership.
Develop and manage the organization's Third-Party Risk Management (TPRM) program, including the establishment of processes for vendor risk assessment, due diligence, ongoing monitoring, and contract management from a risk perspective.
Develop detailed risk treatment plans and provide actionable recommendations for risk mitigation, working closely with asset owners and technical teams to ensure effective implementation.
Maintain and enhance the security risk register, ensuring accurate tracking of risks, controls, and mitigation progress.
Compliance & Audit Management
Oversee the lifecycle of security exception and approval requests, ensuring thorough documentation, appropriate routing, tracking, and timely resolution. Actively contribute to the development and enforcement of exception policies and standards, providing guidance to requestors and approvers.
Manage and coordinate responses to internal and external security audits (e.g., SOC 2, ISO 27001, PCI DSS, regulatory exams), acting as a primary liaison with auditors and facilitating evidence collection.
Oversee the tracking, remediation, and validation of audit findings and non-conformities, working with responsible teams to ensure timely and effective closure.
Drive compliance initiatives for relevant laws and regulations such as PIPEDA, US and Canadian Privacy laws, and other industry-specific mandates.
Develop and deliver comprehensive compliance reports to management and other stakeholders.
GRC Tooling & Automation
Optimize the utilization of the GRC management solution to enhance automation, streamline workflows, and improve reporting capabilities for risk, compliance, and policy management.
Track the effectiveness of GRC initiatives, identify areas for improvement, and collaborate with technical teams to implement solutions.
Develop and maintain complex dashboards and reports within the GRC tool to provide real-time insights into the organization's GRC posture.
Mentorship & Collaboration
Provide mentorship and guidance to junior GRC analysts, assisting in their professional development and the execution of their tasks, fostering a collaborative team environment.
Collaborate extensively with cross-functional teams including IT, Legal, Internal Audit, Privacy, and various business units to embed GRC principles into daily operations.
Communicate complex GRC concepts and findings clearly and concisely to diverse audiences, from technical staff to senior management.
ACADEMIC TRAINING
Bachelor's degree in Information Security, Business Administration, or a related field (or equivalent practical experience).
Preferred certifications: CISA, CRISC, CISSP, or other GRC-related certifications.
SPECIFIC COMPETENCIES
Solid and demonstrable understanding of information security principles, risk management methodologies, and compliance frameworks, with the ability to apply them independently.
Excellent written and verbal communication skills, with the ability to effectively communicate risk and compliance concepts to various audiences, including executive leadership.
Proven experience in leading and executing security risk assessments, including identifying, analyzing, and recommending mitigation strategies for risks.
Significant experience in independently leading and conducting compliance self-assessment activities related to frameworks such as PCI DSS, GDPR, HIPAA, SOC 2, or others relevant to the organization.
Strong analytical and problem-solving skills with a keen attention to detail and the ability to think critically about complex issues.
Strong organizational and project management skills, with the ability to manage multiple tasks and deadlines effectively.
Demonstrated ability to work independently and take ownership of assigned responsibilities.
Fluent in English and French (spoken and written) required to collaborate with stakeholders in Quebec, Ontario, and across the United States.
Experience in mentoring or providing guidance to junior team members.
Familiarity with GRC tools and technologies is an asset.
Location: Montreal, QC
Company: Cogeco Communications Inc.
At Cogeco, we know that different backgrounds, perspectives, and beliefs can bring critical value to our business. The strength of this diversity enhances our ability to imagine, innovate, and grow as a company. So, we are committed to doing everything in our power to create a more diverse and inclusive world of belonging.
By creating a culture where all our colleagues can bring their best selves to work, we're doing our part to build a more equitable workplace and world. From professional development to personal safety, Cogeco constantly strives to create an environment that welcomes and nurtures all. We make the health and well-being of our colleagues one of our highest priorities, for we know engaged and appreciated employees equate to a better overall experience for our customers.
If you need any accommodations to apply or as part of the recruitment process, please contact us confidentially at

Job Detail

  • Job Id
    JD2985554
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Montreal, QC, Canada
  • Education
    Not mentioned