Security, Risk and Audit Advisor

Remote Full-time
GIRO IS YOUR WAY FORWARD

At GIRO, our mission is clear: Improving quality of life around the world through software and services that increase the efficiency of public transport and postal delivery. Joining us means contributing to projects and initiatives that make a real difference to millions of people. Every line of code, every idea, every action, advances our impact around the world. Join us and let’s lead the way forward, together.

Why choose GIRO?
• Join a Quebec software company that is an international leader
• Advance your career in a collaborative work environment where expertise and commitment are the driving force behind every project
• Stability based on long-lasting client relationships and our long-term vision

AN ENVIRONMENT FOR GROWTH

Here, we focus on an inclusive and positive environment. We offer a range of benefits, including:
• Flexible working hours, including remote work for a balanced life.
• Team activities and annual traditions that we take pride in
• Everyday support: Employee assistance program, telemedicine and mental health support.
• Training and professional development opportunities to grow, learn and discover your way forward.

YOUR CONTRIBUTION WILL MAKE A POSITIVE IMPACT

As a Security, Risk and Audit Advisor, you are a seasoned professional with solid and recognized expertise across various areas of information security. Your primary responsibilities include contributing to the implementation and continuous improvement of GIRO’s security program and advising internal teams on information security best practices. Reporting directly to the Director, Governance, Compliance and Risk Management, your role is divided into two components:

Governance, Risk and Compliance (GRC) – Implementing and Enhancing the Security Program
• Identify and maintain security controls based on risks and contractual and regulatory requirements.
• Evolve security policies, procedures, guidelines, and other documentation to accurately reflect our security processes.
• Plan and participate in annual internal and external security audits and work closely with auditors to maintain security certifications.
• Monitor and follow up on the risk treatment plan.
• Support the Director in developing the security roadmap and in delivering security-related projects.

Advisory Role – Supporting Internal Teams (e.g., software development, client project management, and client delivery teams)
• Perform and continuously evolve security risk and threat assessments (TRA).
• Identify security measures required at each stage of the SDLC and support teams in the design, implementation, awareness, and documentation of their internal controls.

SKILLS AND QUALIFICATIONS THAT WILL MAKE YOU A KEY PILLAR OF OUR TEAM
• At least 10 years of experience in a GRC security advisory role.
• University degree in a relevant discipline.
• Holds a CISA, CISM, CRISC, or CISSP certification, or equivalent.
• Strong knowledge of ISO 27001, ISO 27701, and SOC 2 standards.
• Knowledge of ISO 42001 (asset).
• Knowledge of security frameworks such as NIST CSF, NIST SSDF, and OWASP DSOMM.
• Strong knowledge of secure software development practices (SDLC, OWASP, DevSecOps).
• Experience using GRC tools (e.g., AuditBoard, BitSight, KnowBe4, or similar).
• Advanced experience using MS Office tools (Excel, PowerPoint, Word, Azure DevOps, Teams).
• Bilingual, spoken and written French (mandatory) and English (the position requires proficiency in English due to occasional interactions with English-speaking employees, clients, and suppliers).

READY TO HELP SHAPE THE FUTURE WITH US?

Apply today and connect with our Talent Acquisition team. We look forward to meeting you!

In accordance with the standards and regulatory requirements to which GIRO adheres, all positions—whether permanent, fixed-term, or internship—are subject to a criminal background check. Positions that involve access to financial data are also subject to a credit check. All verifications are conducted in accordance with GIRO’s established procedures.

Employment Conditions

Candidates must be legally authorized to work in the selected country at the time an offer of employment is made. It is the sole responsibility of candidates to obtain any required work permits, visas, or other authorizations prior to their start date.

The masculine form is used solely to simplify the text.