Manager, Security Risk & Compliance

Ottawa, Ontario, Canada | IT & Security

Apply Now

Veem empowers small and medium businesses who spend too much time and money dealing with inefficient financial payment systems. Our transparent, relationship-based payments model makes it easy to build trust with your vendors, contractors and customers by providing a quick and seamless payable and receivable process. We make the process even easier for these clients by supporting integration with all major accounting software including QuickBooks, Netsuite, and Xero. Backed by top investors such as Truist Ventures, Google Ventures, Goldman Sachs, Kleiner Perkins and a global syndicate of tech-forward banks based in the US, Japan, China, Australia, and the Middle East, Veem is a fast-growing financial technology company that is changing the way companies pay and get paid.

You are a Cybersecurity Risk & Compliance expert with extensive experience providing Online services to a demanding set of Global, Enterprise, and emerging customers across a diverse range of private sector industries and government entities; experience in Banking, Fintech, Financial Services, Payment Card or Global Logistics sectors is a highly desirable.  The Manager, Security Risk & Compliance position is responsible for working under the leadership of the head of IT & Security in achieving, maintaining, and expanding certifications necessary to meet the ever-increasing regulatory and corporate requirements of Veem customers in support of aggressive growth and market expansion goals.  This is an opportunity to leverage your technical and business skills to have a global impact in the dynamic and competitive Technology Business Management market which Veem has established and for which is the undisputed leader.

As an organization, Veem has a very strong innovative and nimble culture; it is open, transparent, and very customer focused.  Leaders in the organization consistently showcase the following key attributes and look to build teams that embrace these qualities every day:

  • Growth Mindset
  • Deal with ambiguity and change
  • Take ownership and accountability
  • Customer-focused
  • Foster an inclusive environment

Responsibilities:

  • Conduct and deliver cyber security risk assessments, audits, and evaluations, security reviews and security assurance testing.
  • Lead gap analysis, security vulnerability assessments, residual risk management and risk remediation with clear reporting of security and risk KPI’s, metrics definition, probability/impact analysis, business impact analysis and recommendations on risk mitigate/avoid/transfer/accept
  • Provide cybersecurity KPI/KRI/progress reporting, build presentations, cybersecurity roadmap for tactical execution, maintain a living risk register and update cybersecurity heat map.
  • Provide regular assessments on threat landscape, technology trends, and emerging security technologies
  • Seek and interpret threat intelligence based on organizational risks
  • Contribute to the design, implementation, and operations of procedural and technical security controls
  • Perform technical audits of IT General Controls, Information Security, SDLC, Application Security and Operations.
  • Determine audit scope, design testing strategies, test, evaluate, and document controls, identify control gaps and report audit issues based on significance, risk, and impact.
  • Collect, review, analyze and verify the performance of internal controls, adherence to internal policy & procedures and customer data security expectations.
  • Conduct environmental scan; perform analysis to identify key business risks and controls.
  • Manage follow-up on open audit issues and facilitate agreement with risk owners and controls treatment owners to ensure timely closure of action plans.
  • Keep abreast of current and emerging technologies and recommend changes to audit programs, as necessary.
  • Provide reports, briefings and risk-based recommendations on routine and non-routine cybersecurity events and incidents including responding to organizational crises 
  • Lead and facilitate lessons learned, post-mortem and best practices activities on cybersecurity events and incidents
  • Establish strong Vendor and Third Party Risk Management practice, analyze the cyber security posture of third parties and report on findings, review cyber related attestations by third parties, document third party cyber security capabilities and security architecture.

Qualifications

Basic Qualifications: 

  • Minimum 5 years’ experience with achieving, maintaining, and expanding a comprehensive portfolio of certifications to demonstrate the appropriate Cloud SaaS security posture to customers and prospects
  • Expertise with the following Information Security frameworks and compliance standards: NIST, C2M2,  SOC1/2/3, PCI-DSS, ISO/IEC 27001, NIST, MTL certification, Cloud Security Alliance Cloud Controls Matrix (CCM)
  • Experience interpreting and complying with rules/regulations related to privacy and data confidentiality (e.g., GDPR, CCPA, OSFI, B10, PIPEDA).
  • Proficiency with risk assessment programs and methodologies
  • Experience in common software vulnerability standards such as CVE, CVSS scoring, CIS security controls as well as research and testing methodologies like OWASP Top 10 and SANS Top 25.
  • Strong expertise in SABSA core security capabilities – IAM, Cryptography, Data Loss Protection, SSDLC, Fraud Prevention and detection, Threat Intelligence, Monitoring and Alerting, Endpoint Protection, Cloud, Network and Server security, Application Security
  • Experience and/or knowledge of information security tools/systems:  SIEM, DLP, IDS/IPS, etc.
  • Understanding key security principles, such as MITRE ATT & CK Framework, Lockheed Martin Kill Chain
  • Exceptional project management abilities and a data driven,  client-centric mindset with experience in Jira, Agile, and Scrum Planning being considered an asset.
  • Experience with GRC/IRM technology solutions such as (e.g. RSA Archer, ServiceNoW, MetricStream, Refinitiv, OpenPages, etc.).
  • Expert knowledge of Cloud Security and Multi Cloud environments, especially AWS, GCP, and Data Security in multi cloud stores including AWS, GCP, SnowFlake data lake, Terraform. 
  • Hands on engineer, self-starter capable of working in fast paced startup environment with cross functional collaborative team
  •  Experience in fintech sector is an asset
  • CISA/CISM/CISSP (or equivalent) certification required)

Desired Qualifications: 

  • Excellent interpersonal skills for building and establishing strong relationships with key stakeholders
  • Collaborative work style; effective communication; cross-functional teamwork.
  • Ability to independently plan, organize and prioritize tasks.
  • Strong general business skills and an aptitude for critical thinking and intellectual curiosity.
  • Great attitude, self-motivating and independent, takes ownership of tasks from start to end.
  • Highly organized and comfortable working in a rapidly changing and ambitious environment.
  • Strong knowledge of desktop, server, application, and network security principles for conducting comprehensive business impact analysis and risk identification.

COVID-19 considerations: Office has masking and social distancing protocol in place. Subject
to legal restrictions, all employees will be required to provide proof of vaccination to be
regularly in the office.

Perks:

  • Competitive Salary
  • Comprehensive Benefits Package (Health, Dental, Medical, Vision)
  • Group RRSP Plan (after 3 months)
  • 3 weeks vacation
  • Friday afternoon unwind