Compliance Specialist

More details

Location: Alberta or B.C., Canada (Working from Home)

Working hours: 37.5 Monday – Friday 09:00 – 17:30

Job Description:

We are seeking a dedicated Security Compliance Specialist with a strong focus on regulatory and certification compliance, particularly ISO 27001 and StateRAMP. This role is central to driving our compliance program forward, ensuring that policies, controls, and documentation align with the rigorous standards of our key regulatory frameworks.

You will work cross-functionally to manage audits, risk assessments, vendor security responses, and certification readiness, ensuring our organization continuously meets or exceeds its compliance obligations. This is not a security operations role. It is best suited for someone with a compliance, audit, or GRC background who thrives on process, documentation, and risk mitigation.

Responsibilities:

• Lead and maintain compliance efforts for ISO 27001, StateRAMP, TX-RAMP, and other applicable frameworks and certifications
• Develop, implement, and continuously refine security policies, controls, and documentation aligned with compliance standards
• Own the audit lifecycle for ISO 27001 and StateRAMP collaborate with auditors, gather evidence, and manage remediation tasks
• Manage completion of security assessments such as HECVAT, and coordinate responses to vendor questionnaires, tenders, and RFPs
• Maintain and evolve a repository of standardized security responses and compliance documentation
• Conduct periodic risk and gap assessments and oversee corrective action plans
• Partner with security, IT, and legal teams to ensure controls are implemented, tested, and auditable
• Monitor evolving regulatory and customer requirements and ensure timely updates to policy and compliance posture
• Deliver internal training and awareness sessions to promote understanding of compliance responsibilities across departments
• Report on audit readiness, compliance status, and control effectiveness to leadership
• Stay up to date on changes to relevant regulatory frameworks and ensure the organization adapts its policies and procedures accordingly
  
  
  

Requirements:

• Bachelor’s degree in Information Security, IT, Risk Management, or a related field
• 3+ years of experience in a security compliance, risk, or audit-focused role
• Deep familiarity with ISO 27001 and StateRAMP, including experience with audits, certification processes, and control mapping
• Understanding of related standards/frameworks such as SOC 2, NIST 800-53
• Hands-on experience with GRC platforms such as ServiceNow GRC, OneTrust, or Archer
• Strong communication skills with the ability to translate technical requirements into business-friendly language
• Organized and self-motivated, with a strong attention to detail and a bias for documentation
• Foundational knowledge of cloud environments (Azure, AWS, or GCP) and how compliance requirements apply to cloud services