Senior Risk and Compliance Specialist
Company Description
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across the following domains: border security, civil identity, driver licence/identification and vehicle information, excise control, currency, lotteries and charitable gaming.
Our Corporate Philosophy and 7 Core Principles shape and guide our corporate behaviours and underpin the sense of community you will experience at CBN. We seek long-term relationships with our employees and offer a competitive compensation package that includes health, medical and life insurance benefits and a defined contribution pension plan with company matching.
Job Description
Internal Job Title: Senior Risk and Compliance Specialist Job Type: Permanent, Full-Time Job Location: Canada Work Model: Remote
Job Status: Existing Vacancy
Position Summary
As a Senior Risk and Compliance Specialist at CBN, you will be responsible for leading compliance initiatives, conducting risk assessment and remediation activities, and developing security strategies for CBN systems deployed in Canada, the United States and Europe.
Responsibilities
Compliance Initiatives
Lead current ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe.
Examine existing initiatives and engage business stakeholders and customers to establish a strategy for handling compliance-at-scale for both compliance-focused and cost-sensitive markets.
Security Strategy
Spearhead initiatives to identify, investigate, and improve security risks within CBN Operations Global Infrastructure.
Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada/US and global security requirements.
Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale.
Risk Assessment and Remediation
Conduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions, and develop plans for remediation.
Understand the risk/compliance gaps in our global systems, articulate a vision, and work across teams to get us there.
Stakeholder Engagement
Take an active role in educating customers, executives, stakeholders, infrastructure personnel, and developers on best practices for security.
Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled, and the associated notification process.
Various other Duties and Responsibilities.
Qualifications
Knowledge and Experience
Education
Bachelor’s degree in Computer Science, Information Technology or related field or an equivalent combination of relevant education and additional work experience
Certification(s)
One (or more) of NIST800-53, ISO27001, SOC2 (Type I and II), FedRamp, StateRamp
SANA, ISACA or GIAC is an asset
Knowledge
Compliance standards, frameworks and tools
Threat and risk management principles and methodologies
Risk assessment practices and methodologies
Experience
8+ years of direct experience in a compliance, auditing and/or risk position
3+ years of experience developing/delivering compliance assessments
Experience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR)
Experience using Unified Compliance Frameworks and GRC tools
Experience with Azure/AWS compliance is an asset
Technical Skills
Proficiency with MS 365 Copilot
Presentation skills
Soft Skills and Competencies
Critical thinking skills
Analysis, problem solving
Interpersonal skills
Communication, relationship building, teamwork and collaboration
Organization/time management/prioritization skills
Adaptable
Growth mindset
Mandatory Requirements
Fluency in English (reading, writing, speaking)
Able to obtain and maintain Government of Canada Secret level security clearance
Able to travel domestically and/or internationally (passport required) approx. 1-2 weeks/year
Additional Information
Equal Opportunity Statement
Our organization is committed to employment equity and diversity in the workplace. We actively encourage applications from women, Indigenous Peoples, persons with disabilities, members of visible minorities, and LGBTQ2+ individuals.
We are dedicated to removing barriers and fostering an inclusive workplace that reflects society and we are committed to providing an accessible and inclusive recruitment process in accordance with the Accessibility for Ontarians with Disabilities Act (AODA).
If you require accommodation at any stage of the hiring process, please contact us at [email protected] so that appropriate arrangements can be made.
AI Use in Recruitment Statement
As part of our commitment to transparency and fairness in hiring, we disclose that artificial intelligence (AI) tools may be used at certain stages of our recruitment process. These tools assist in tasks such as resume screening, candidate matching, and interview scheduling. All AI-assisted decisions are subject to human oversight to ensure fairness, accuracy, and compliance with applicable laws.
We are committed to the responsible, transparent, and accountable use of AI, in alignment with Ontario’s Responsible Use of Artificial Intelligence Directive and the requirements under the Working for Workers Four Act. This includes taking steps to mitigate bias, protect candidate privacy, and ensure that AI does not unfairly influence hiring outcomes.
If you have questions or concerns about how AI is used in our hiring process, please contact us at [email protected] .
About the job
Apply for this position
Senior Risk and Compliance Specialist
Company Description
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across the following domains: border security, civil identity, driver licence/identification and vehicle information, excise control, currency, lotteries and charitable gaming.
Our Corporate Philosophy and 7 Core Principles shape and guide our corporate behaviours and underpin the sense of community you will experience at CBN. We seek long-term relationships with our employees and offer a competitive compensation package that includes health, medical and life insurance benefits and a defined contribution pension plan with company matching.
Job Description
Internal Job Title: Senior Risk and Compliance Specialist Job Type: Permanent, Full-Time Job Location: Canada Work Model: Remote
Job Status: Existing Vacancy
Position Summary
As a Senior Risk and Compliance Specialist at CBN, you will be responsible for leading compliance initiatives, conducting risk assessment and remediation activities, and developing security strategies for CBN systems deployed in Canada, the United States and Europe.
Responsibilities
Compliance Initiatives
Lead current ISO 27001, SOC 2, and PCI compliance initiatives for systems in Canada, US, and Europe.
Examine existing initiatives and engage business stakeholders and customers to establish a strategy for handling compliance-at-scale for both compliance-focused and cost-sensitive markets.
Security Strategy
Spearhead initiatives to identify, investigate, and improve security risks within CBN Operations Global Infrastructure.
Design and deliver security strategies, produce architectural models, detailed assessments, and present reports to meet Canada/US and global security requirements.
Research and deliver tooling and strategies for CBN’s AppSec program to address risk assessments in an automated fashion at scale.
Risk Assessment and Remediation
Conduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions, and develop plans for remediation.
Understand the risk/compliance gaps in our global systems, articulate a vision, and work across teams to get us there.
Stakeholder Engagement
Take an active role in educating customers, executives, stakeholders, infrastructure personnel, and developers on best practices for security.
Build relationships with stakeholders across groups to understand assessment needs, advise on how it should be handled, and the associated notification process.
Various other Duties and Responsibilities.
Qualifications
Knowledge and Experience
Education
Bachelor’s degree in Computer Science, Information Technology or related field or an equivalent combination of relevant education and additional work experience
Certification(s)
One (or more) of NIST800-53, ISO27001, SOC2 (Type I and II), FedRamp, StateRamp
SANA, ISACA or GIAC is an asset
Knowledge
Compliance standards, frameworks and tools
Threat and risk management principles and methodologies
Risk assessment practices and methodologies
Experience
8+ years of direct experience in a compliance, auditing and/or risk position
3+ years of experience developing/delivering compliance assessments
Experience using structured approaches to risk assessment (e.g. HTRA, TRA, ITSG-33, CSF, FSIR, STAR)
Experience using Unified Compliance Frameworks and GRC tools
Experience with Azure/AWS compliance is an asset
Technical Skills
Proficiency with MS 365 Copilot
Presentation skills
Soft Skills and Competencies
Critical thinking skills
Analysis, problem solving
Interpersonal skills
Communication, relationship building, teamwork and collaboration
Organization/time management/prioritization skills
Adaptable
Growth mindset
Mandatory Requirements
Fluency in English (reading, writing, speaking)
Able to obtain and maintain Government of Canada Secret level security clearance
Able to travel domestically and/or internationally (passport required) approx. 1-2 weeks/year
Additional Information
Equal Opportunity Statement
Our organization is committed to employment equity and diversity in the workplace. We actively encourage applications from women, Indigenous Peoples, persons with disabilities, members of visible minorities, and LGBTQ2+ individuals.
We are dedicated to removing barriers and fostering an inclusive workplace that reflects society and we are committed to providing an accessible and inclusive recruitment process in accordance with the Accessibility for Ontarians with Disabilities Act (AODA).
If you require accommodation at any stage of the hiring process, please contact us at [email protected] so that appropriate arrangements can be made.
AI Use in Recruitment Statement
As part of our commitment to transparency and fairness in hiring, we disclose that artificial intelligence (AI) tools may be used at certain stages of our recruitment process. These tools assist in tasks such as resume screening, candidate matching, and interview scheduling. All AI-assisted decisions are subject to human oversight to ensure fairness, accuracy, and compliance with applicable laws.
We are committed to the responsible, transparent, and accountable use of AI, in alignment with Ontario’s Responsible Use of Artificial Intelligence Directive and the requirements under the Working for Workers Four Act. This includes taking steps to mitigate bias, protect candidate privacy, and ensure that AI does not unfairly influence hiring outcomes.
If you have questions or concerns about how AI is used in our hiring process, please contact us at [email protected] .