Senior Cyber Risk and Compliance Specialist

Toronto, Ontario, Canada; Vancouver, British Columbia, Canada


About us:

Peoples Group is a boutique financial institution with offices located in Vancouver, Calgary, Toronto, and Montreal that has been in the Canadian marketplace for over 35 years. Our mission is to exceed our customers' expectations by providing exceptional customer service backed by extensive product knowledge and experience.

Our culture here at Peoples Group is formed by our values: Trustworthy, Creative, Willing. We believe people don't choose a company to work for, they choose a company to join. We prioritize risk-based practices and procedures in order to remain risk intelligent and compliant. We value people, building relationships, and focusing on strengths; we execute with passion.

About the work environment:

Peoples Group offers a flexible and hybrid work environment. In this role you will work a combination of in-office and remote (from home). Typically, you'll be working regular business hours, Monday to Friday between 8:00 am and 4:30 pm, with flexibility around start/end times.

We are hiring for this position out of our Vancouver office. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance.

About you:

You are an experienced and highly skilled Senior Cyber Risk and Compliance Specialist with a deep understanding of cybersecurity risk management practices, and you are adept at identifying, assessing, and mitigating cyber risks in a rapidly evolving threat landscape. In this role, you will play a crucial part in helping our organization strengthen its security posture and protect against emerging threats.

You will work closely with cross-functional teams, including IT, compliance, enterprise risk, and business units, to ensure that security risks are effectively managed and that our security programs align with industry standards and regulatory requirements.

About the qualifications:

  • 5+ years of experience in Cybersecurity or IT risk management, with at least 2 years in a senior or lead role. 
  • Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOC 2, CIS, etc.).
  • In-depth knowledge of risk assessment methodologies, threat modelling, and third-party risk management. 
  • Experience with security tools and technologies (e.g., SIEM, vulnerability scanners, threat intelligence platforms, etc.). 
  • Familiarity with regulatory requirements and industry standards (SOX, PCI-DSS, etc.). 
  • Experience in regulatory compliance and auditing processes broadly (e.g., SOC 2, ISO 27001) and for financial services (e.g., OSFI).
  • Relevant security certifications such as CISSP, CISM, CISA, CRISC, or equivalent. 

About the day-to-day:

  • Embed comprehensive risk assessments into all security controls to identify gaps in the organization’s cybersecurity posture. 
  • Develop and maintain risk profiles for critical assets, systems, and data, as well as processes and procedures for third-party security risk management assessments.
  • Quantify and prioritize cyber risks based on potential business impact and likelihood, using qualitative and quantitative risk assessment methods.
  • Collaborate with the security team, IT, and business leaders to design and implement risk management strategies and mitigation plans. 
  • Stay informed of the latest cybersecurity threats, vulnerabilities, and industry best practices to continuously improve risk management processes. Recommend and evaluate controls to mitigate risks, ensuring that security practices are integrated into all stages of system development and deployment.
  • Ensure alignment with relevant industry standards, frameworks, and regulations (e.g., NIST, SOC 2, PCI, ISO 27001, etc.). 
  • Develop processes and procedures to perform periodic policy reviews and approvals, and validate that processes match published policies.
  • Prepare risk reports and presentations for senior leadership, ensuring that complex technical issues are communicated effectively to non-technical stakeholders.

Compensation:

Peoples Group is pleased to offer employees a competitive annual salary plus a discretionary profit share opportunity. Salary for this position will vary between $120,000 and $140,000 per year depending on the knowledge, skills, abilities and experience that the chosen candidate possesses. As part of our recruiting process, shortlisted candidates will be asked their salary expectations for this position.

Help us get to know you better by answering our application questions! Your participation is expected as an essential part of our selection process.

NOTE: Peoples Group is an Equal Employment Opportunity employer. Please accept our utmost appreciation for your interest; however, only those applicants under consideration will be contacted. This job posting is for an existing vacancy.

 

Category: Compliance Jobs

Tags: Audits CISA CISM CISSP Compliance CRISC ISO 27001 NIST Risk assessment Risk management SIEM SOC SOC 2 SOX Threat intelligence Vulnerabilities

Perks/benefits: Competitive pay Flex hours

Region: North America
Country: Canada
