Senior GRC/S Specialist - Information Security Assurance & Automation

Montréal, Quebec, Canada


About us

Broadsign is a growing software company with a mission to make buying, selling, and delivering out-of-home media easier than ever. Our software is operated by some of the most successful out-of-home businesses and powers impactful, compelling campaigns seen across the world.

Come light up the world as a Senior GRC/S Specialist in Montreal (Hybrid)

What to expect

We are seeking a highly motivated, experienced, and senior-level GRC/S (Governance, Risk, and Compliance/Security) Specialist to join our dynamic team.
In this critical senior role, you will play a pivotal part in shaping and executing our security assurance programs, primarily focusing on leading our SOC (Service Organization Control) and other audit processes and managing complex third-party security questionnaires and assessments.
A significant aspect of this role will be driving the identification, implementation, and optimization of automation opportunities to enhance efficiency, accuracy, and scalability across our GRC/S functions.

Key Responsibilities:

  • SOC Audit Leadership:
    • Coordinate all phases of SOC 1 & 2 audits, acting as the primary point of contact for auditors and internal stakeholders.
    • Drive the collection of audit evidence and oversee the tracking and management of audit findings, ensuring timely remediation.
  • Advanced Third-Party Security Program Management:
    • Lead the comprehensive management and response to complex incoming third-party security questionnaires from key customers and partners, and maintain a centralized repository of standardized responses.
    • Design and execute thorough security assessments of third-party vendors, evaluating their security posture and contractual compliance, and maintain a centralized repository of detailed vendor assessment findings.
  • GRC/S Automation & Innovation Driver:
    • Champion and lead initiatives to automate repetitive GRC/S tasks, focusing on evidence collection and intelligent response generation.
    • Optimize advanced GRC/S automation tools and drive the continuous improvement of GRC/S processes.
  • GRC/S Automation & Innovation Driver:
    • Contribute to the development and evolution of the overall GRC/S strategy and roadmap.
    • Provide expert knowledge transfer to team members and stay abreast of the latest industry trends and regulatory changes.

What you need to perform in this job

  • 5+ years of progressive experience in a GRC, Information Security, or IT Audit role, with a strong emphasis on security compliance and assurance.
  • Relevant industry certifications such as CISA, CRISC, CISM, CISSP, or equivalent.
  • Demonstrated leadership in managing and successfully completing SOC 1 & 2 audits, including planning, execution, and remediation oversight.
  • Extensive experience managing and responding to complex third-party security questionnaires and conducting in-depth vendor security assessments.
  • Practical experience leading the implementation and optimization of GRC automation tools and platforms (e.g., Vanta, Drata, LogicManager, MetricStream, Archer, ServiceNow GRC, OneTrust, RiskRecon, or similar).
  • Expert-level familiarity with common security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 1 and SOC 2).
  • Exceptional written and verbal communication skills, with the ability to articulate complex security and compliance concepts clearly and persuasively to senior leadership, auditors, and technical teams.
  • Strong analytical, critical thinking, and advanced problem-solving abilities, with a proactive and results-oriented approach.
  • Client-oriented approach.
  • Self-motivated, positive attitude, and a team player.
  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent practical experience.

Additional qualifications:

  • Experience with leading Privacy regimes such as GDPR and/or certifications such as CDPSE.
  • Experience in a leadership, project management, or mentoring capacity.
  • Demonstrated experience working in a fast-paced, high-growth, agile environment.
  • Knowledge of cloud security principles and experience with major cloud platforms (AWS, Azure, GCP).
  • Strong change management experience, adept at managing changes to minimise risk and ensure compliance.
  • Knowledge of ITIL-aligned processes, tools, and best practices, and the ability to collaborate effectively with teams to facilitate smooth transitions.

What we bring to the table

  • Wellness: $500 annual Wellness fund for mental/physical health and office-related expenses.
  • Comprehensive Benefits: Complete company insurance plan (health, dental, vision, travel) effective from day one (100% employer-paid). $500 annual Health Care Savings Account (HCSA) for additional health-related expenses. Unlimited access to virtual healthcare platform (Telus Health).
  • Paid Time Off: Minimum 3 weeks vacation, plus an additional week off during the holidays, 5 sick/personal days, and 2 volunteer days.
  • Retirement Savings: Group RRSP with a 50% employer matching up to 4% of your salary.
  • Financial Perks: Transportation reimbursement for travel to a Broadsign office.
  • Family Support: Parental leave salary supplement.
  • Growth Opportunities: Training & development opportunities with a yearly budget to support professional growth.

At Broadsign, we value the varied social identities that make up our community. We recognize talent comes in different forms and encourage applications that reflect different backgrounds and experiences. Our promise is to be an inclusive employer and partner, open to learning, with thoughtful strategies and practices that amplify the different voices of our industry.

Knowledge of French is required for positions permanently located in Quebec so incumbents can communicate with their colleagues and partners in Quebec as necessary. French-language training is offered to all incumbents in permanent positions in Quebec who do not have a good knowledge of French. Fluent English is required for this position in order to communicate with colleagues, clients and partners (or suppliers) located outside Quebec and to understand the technical and scientific documentation used in our industry.
