Compliance Officer - Cybersecurity, Risk and Compliance
Job Purpose
We are seeking a Compliance Officer to work on a variety of challenges relating to scaling security and compliance programs. The ideal candidate will oversee and manage the Network Innovations Group's compliance with certification requirements across all operational and business processes, with a specific focus on standards such as ISO 27001, CMMC, ISO 9001 and other relevant certifications. The role involves developing, implementing, and maintaining a comprehensive compliance program that ensures the company meets its legal, contractual, and regulatory obligations while supporting business objectives. You will serve as the compliance subject matter expert.
Duties and Responsibilities
- Compliance Program Management: Develop, implement, and maintain a comprehensive compliance program that addresses certification requirements relevant to the company's operations, including but not limited to ISO 27001, CMMC, and PCI regulations. Also assist with the development, implementation and maintenance of privacy policies and programs in line with the GDPR, California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act and other privacy legislation/regulations.
- Risk Assessment and Management: Conduct regular compliance risk assessments, identify areas of potential vulnerability, and develop risk mitigation strategies in conjunction with asset owners. Ensure that risk management practices are integrated into the compliance program.
- Policy and Procedure Development: Draft, review, and update policies and procedures to ensure they reflect current regulatory requirements and best practices related to certification standards and cybersecurity.
- Incident Management: Lead and coordinate incident response, acting as a primary point of contact for incidents and coordinating response efforts across IT, NP&E, CTO, legal and external stakeholders. This includes maintaining an incident response plan and conducting training and exercises to ensure readiness.
- Training and Awareness: Develop and deliver training programs to ensure that employees are aware of compliance requirements, understand their responsibilities, and are equipped to adhere to policies and procedures.
- Third-Party Security Management: Develop and deliver a third-party security management program to ensure vendors comply with our standards & regulatory requirements, including responding to our own customers enquiries and questionnaires.
- Audit and Monitoring: Coordinate and oversee internal and external audits related to certifications. Monitor compliance with policies and procedures and implement corrective actions as necessary.
- Reporting: Provide regular reports to the General Counsel, cybersecurity committee and senior management on the status of the compliance program, including risks, audit results, and compliance metrics.
- Stakeholder Engagement: Collaborate with IT, NP&E, CTO Group, Human Resources, and other departments to ensure compliance efforts are aligned with business operations and technical requirements, and that controls are being implemented and evidence captured as required. Serve as the primary point of contact for regulatory bodies and certification agencies
Authority
- Problem Identification
- Problem solving
- Advice and Counsel
For clarity, areas that would be the responsibility of other internal groups:
- Cybersecurity Strategy - committee
- Governance - committee
- Day-to-day security operations - NP&E and Outsourced third-party(ies)
- Controls and evidence collection - Individual Business Units
Qualifications
- Bachelor's Degree in Law, Cyber Security and/or a related program
- Familiarity with security standards - PCI / SOC 1 & 2 / ISO 27001
- Theoretical and practical knowledge around securing systems
- Some experience in a technical security/compliance role
- A professional certification such as CISSP or CISM is preferred, but isn't mandatory
- Finally and most importantly, this individual must be a strong example of our core values - Integrity, Humility, Respect and Determination!
Working conditions
This position typically operates in a professional office environment. Standard office hours are 8am to 5pm, Monday through Friday, on a hybrid in-office/remote schedule. However, work outside of regular office hours and occasional global travel will be required. This role routinely uses standard office equipment and software. Must have valid passport. The ideal candidate will be based in either Calgary or Kuala Lumpur, closer to the reporting offices.
Physical requirements
Sitting and using a computer for extended periods of time.
Details
- Job titleCompliance Officer - Cybersecurity, Risk and Compliance
- DepartmentLegal
- LocationCalgary, AB Canada
- SupervisorDirector of Legal Affairs and General Counsel
About Network Innovations
Keeping people connected anywhere on the planet is more than just our expertise – it’s our mission. Network Innovations is a technology and systems integrator that provides secure and seamless global communications solutions. Our customers conduct some of the most important work on the planet, whether it’s helping a remote island rise again after a hurricane, defending a country's borders, preventing a catastrophic power grid failure… you get the deal. What this means for our team is that we come to work each day knowing that it matters. We’re forward thinkers and problem solvers who thrive on challenges. Determination, integrity, humility, and respect are at our core. If you’re looking to grow with an organization that values collaboration, diversity, and learning, you’re in the right place.
Network Innovations is committed to fostering a diverse and inclusive work environment. We live our core values and look to them to drive business results and help our customers conduct some of the most important work on the planet. We believe a diverse global workforce allows us to create customer intimacy and sustained profitability. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, age, national or ethnic origin, marital status, family status, disability, genetic characteristics. Whether you are starting your career or have decades of experience, we welcome you to join our mission to connect our world securely and seamlessly.
Accommodations during the application process are available upon request. While we appreciate all applicant submissions, only those considered to be most qualified will be contacted for further assessment.
Disclaimer Statement: This job description lists the essential functions of the position and is not intended to include every job duty and responsibility specific to a position. An employee may be required to perform other related duties not listed above provided that such duties are characteristic of that classification.