Match score not available

GRC Lead

unlimited holidays - extra holidays - work from home - coworking available

Remote:

Full Remote

Contract:

Full time

Experience:

Mid-level (2-5 years)

Work from:

Canada

Offer summary

Qualifications:

3 years of Cyber Security experience, 1+ years in Information Technology, 1+ years using OneTrust or similar, Management experience in cybersecurity sectors, Knowledge of NIST, ISO, GDPR compliance.

Key responsabilities:

Develop and manage IT and InfoSec governance programs
Oversee cyber vulnerability management processes
Conduct risk assessments and develop treatment plans
Create and deliver cyber security awareness training
Act as liaison for control audits and best practices

Fortis Games Gaming Scaleup https://www.fortisgames.com/

201 - 500 Employees

See more Fortis Games offers

Job description

Who we are

At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging through our games, their communities, and how we operate and treat each other. Through our game communities, we will create powerful connections and lasting memories. We will foster a culture of diversity, equity and belonging where together our diverse skills, experiences and backgrounds impact the games we make.

We are an early but mighty organization with a leadership team of game industry veterans. There are many opportunities for you to have a big impact on the products we'll be making as well as the overall direction of the company. If you're passionate about tackling difficult problems with direct and thoughtful communication and team first mentality, we may be the right place for you.

About the role

Fortis Games is hiring for a GRC Lead to help build, manage, execute, and track the end to end processes in the following areas: vulnerability management, cyber data governance, risk and verification, cyber awareness and training, and cyber policy/standards/standard operating procedures development. This role will focus on delivering on our IT and InfoSec portfolios to service our company.

What you will do

Develop the program(s) to support the governance of our IT and InfoSec Risk and Compliance programs in the following disciplines:

Vulnerability management which includes tracking the triage and remediation of scans of the Fortis computing environment for secure configurations and vulnerabilities as well as tracking and performing the exception processes
Cyber governance, risk and verification which performs risk assessments, system security and industrial control system zone security plans including listing controls, gaps in implemented controls and tracking remediation of gaps, and provides input to the risk register
Third party risk management including risk assessment of vendors and or applications. Identify risks and create treatment plans for the assessment.
Cyber security awareness and training which includes creating and delivering cyber awareness training based on role and rank within the organization, and arranging and tracking cyber team member information security training and role progression. Conducts Simulated Phishing campaigns quarterly for all Fortis team members.
Cyber & IT policy/standard and standard operating procedure creation, review, distribution, and maintenance
Collection and reporting of metrics to IT and InfoSec Leadership

Act as a liaison for all audits of our controls, best practices, and standards.

What you will need to be successful

3 years of experience in a Cyber Security role
1+ years of experience of related field work in an Information Technology role
1+ years of experience using OneTrust (or similar) platform
Demonstrated management experience in at least one area in the following list:

Cyber Vulnerability Management
Cyber Governance and Risk
Cyber Awareness and Training
Cyber Policy/Standard/Standard Operating Procedures

Working knowledge of threats and vulnerabilities and their significance to cyber risk
Working knowledge of NIST 800-53, ISO 27001, CIS Benchmarks, SOX Compliance, GDPR, and familiarity with SOC 1 and 2 reports.
Excellent verbal and written communication skills are crucial for conveying technical information to non-technical stakeholders, facilitating meetings, and maintaining effective communication within distributed global teams.
Experience working with internal and external partners and vendors to achieve goals on aggressive timelines
Self motivated and proactive with demonstrated creative and critical thinking skills
Comfortable with ambiguity

Why join us

There are many reasons to join us, but here are a few:

We strongly believe we are changing how games studios operate and at the core of what we do is making great games that create a connected community
We're not just about making Games Where You Belong. We're also about building communities where our people belong. That's why Fortis is a thriving environment that celebrates diversity, embraces inclusivity, and fosters growth.
Build and grow with a seasoned team of accomplished talent who have left an impactful mark in their disciplines, both in and out of gaming

Fortis is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.