Data Protection and Risk Officer

Job Description

<p><h3>Data Protection and Risk Officer</h3>
<p>Join to apply for the <b>Data Protection and Risk Officer</b> role at <b>Explorance</b></p>
<p>Join a Montreal headquartered company that helps organizations around the world create a personalized journey of impact and fulfillment for their people. Explorance offers innovative Feedback Analytics solutions because we believe that each experience matters.</p>
<h3>Job Summary</h3>
<p>We are seeking a highly skilled and experienced Data Protection and Risk Officer to join our team. Reporting to the EVP of Organizational Performance, Culture, and Strategy, you will be a key member of the Operations department, which includes GRC, HR, and Program Management teams. Your primary responsibility will be to lead our data protection and risk management program, ensuring compliance with global regulations and best practices.</p>
<p>You will work closely with various teams, including Sales, HR, Engineering and IT/DevOps/SecOps/CloudOps to advise on compliance matters, implement and monitor IT compliance activities, and foster a culture of security and privacy throughout the organization.</p>
<h3>Responsibilities</h3>
<ul>
<li>Build a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within Explorance</li>
<li>Ensure information security policies, standards, and procedures are up-to-date</li>
<li>Initiate, facilitate, and promote activities to foster information security awareness within the organization</li>
<li>Create a culture of cyber security both with the IT organization and driving behavioral changes for the business</li>
<li>Evaluate security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary</li>
<li>Manage security incidents and events involving IT systems</li>
<li>Ensure that the disaster recovery, business continuity, risk management and access controls needs are addressed</li>
<li>Ensure compliance with the administrative, technical and physical safeguards</li>
<li>Manage 3rd party security audits and penetration testing initiatives</li>
<li>Serve in a leadership and functional role for security compliance</li>
<li>Work closely with the internal teams to ensure alignment between security and privacy compliance programs including policies, practices and investigations, and acts as the point of contact for the information systems and compliance departments</li>
<li>Initiate and perform periodic information security risk assessment/analysis, mitigation and remediation. Responsible for development and implementation of security risk management plan</li>
<li>Support the implementation of controls and perform period audits to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file and system access</li>
<li>Ensure the organization has and maintains appropriate system use and disclosure / confidentiality and Privacy statements</li>
<li>Oversee, develop and/or deliver initial and ongoing security training to the workforce</li>
<li>Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities</li>
<li>Participate in the development, implementation, and ongoing compliance monitoring of all business agreements, to ensure security concerns, requirements, and responsibilities are addressed</li>
<li>Establish and administer a process for investigating and acting on security incidents which may result in a privacy breach.</li>
<li>Partners with Human Resources and Business Process to ensure consistent sanctions for security violations</li>
<li>Maintains current knowledge of applicable local, federal and international laws, as well as certification requirements and accreditation standards.</li>
<li>Serve as information security officer to all departments for all data security related questions and issues</li>
<li>Participate in 3rd party vendor risk and compliance assessment activities such as SOC reports reviews or other control assurance reports</li>
</ul>
<h3>Professional Experience / Qualifications</h3>
<ul>
<li>Bachelor’s degree in a field related to Information Technology, Business or Risk Management or a related IT security certification such as CISSP, CISM, CISA, CCSP Security industry related knowledge and credentials, such as SOC2, NIST 800-53, ISO 27001, OWASP</li>
<li>Knowledge and experience in local and federal information security laws, such as PIPEDA, FERPA, GDPR, FedRAMP</li>
<li>Understanding of risk assessment methodologies (e.g. RCSA), internal controls and controls testing (e.g. SOC2), and industry technology risk management frameworks, as well as familiarity with SDLC and Project Management methodologies</li>
</ul>
<h3>Additional Requirements</h3>
<ul>
<li>A high level of integrity and trust</li>
<li>Demonstrated organization, facilitation, written and oral communication, and presentation skills</li>
<li>Interpersonal, influencing and negotiation skills with the ability to work effectively with all levels of the organization</li>
<li>Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.</li>
<li>Excellent writing skills</li>
<li>Knowledge and direct experience with Resiliency-Disaster Recovery and Business Continuity compliance</li>
</ul>
<h3>Other Requirements</h3>
<ul>
<li>Only apply if you are a Montreal (or surroundings) resident that is interested in being part of a vibrant and highly engaged at-the-office culture.</li>
</ul>
<h3>Inclusion Statement</h3>
<p>At Explorance, we take inclusion to heart and live it each day. We put the ‘human’ first in everything we do and take pride in our authenticity and culture of inclusion. We therefore encourage persons of any race, religion, ethnicity, gender identity, sexual orientation, age, immigration status, disability or other applicable legally protected characteristics to apply. We make employment-related decisions without regard to any of these characteristics. And to ensure a safe workspace for all our employees, all employment is contingent upon receipt of a satisfactory background and reference check.</p>
<h3>About Explorance</h3>
<p>Explorance empowers organizations with next‑generation feedback analytics to accelerate the insight‑to‑action cycle, encouraging the philosophy of “Feedback for the brave” to drive purpose, impact, and growth.</p>
<p>Bringing 20 years of expertise, Explorance, a member of the World Economic Forum and a trusted partner for 35% of Fortune 100 companies and 25% of the world’s top higher education institutions, has influenced over 25 million individuals with award‑winning solutions like Blue, Metrics That Matter, and MLY.</p>
<p>Consistently among the top employers by the Great Places to Work Institute®, Explorance, a Brandon Hall AI award winner, is also a two‑time Global Leader in the 360‑degree feedback market by Fortune Business Insights.</p>
<p>Visitexplorance.com or connect on LinkedIn, Facebook, and X.</p></p>
#J-18808-Ljbffr