Graham is an employee-owned construction solutions partner that services the buildings, industrial, infrastructure, water and project finance sectors. We deliver lasting value for our clients through meticulous planning and scheduling, while upholding rigorous safety and quality standards. With offices throughout North America, our passionate and knowledgeable teams deliver projects that enable communities to thrive and people to live, work, move and grow in a rapidly changing world. With over nine decades of experience, Graham has the resources, capacity and expertise to undertake projects of every scope, scale and complexity. Join our team to deliver a better tomorrow.
We are seeking top-tier talent to join our Corporate Services team and support our construction operations by applying your expertise to various Corporate Services business initiatives. As a member of this collaborative team, you can expect a safe, diverse and inclusive environment, and ongoing learning and career development opportunities.
About the Role:
This role helps protect our organization's sensitive data from unauthorized access and oversees internal systems for compliance with security standards. The successful candidate will work with the Cybersecurity team as well as IT support to develop mitigation strategies and ensure compliance with standards and policies across the organization.
(***This position will also give successful candidates an opportunity to be exposed to, and cross-train with, other cyber roles within our company***)
As a Security Compliance Analyst at Graham, you will:
- Identify and address security gaps in the organization's data handling processes.
- Design, configure and implement data loss prevention and insider risk technologies to protect our organization's sensitive data.
- Perform QA testing as needed to validate software functionality, in line with our change management processes.
- Evaluate technical controls to ensure that security and compliance requirements meet the NIST 800-171 Framework.
- Oversee development and maintenance of the control framework, including creating and maintaining documented standards, processes and procedures.
- Evaluate organizational IT systems and security controls and recommend security enhancements.
- Collaborate with cross-functional teams on projects to ensure that security is addressed throughout the project life cycle.
- Actively participate in IT audits, collaborating and acting as a liaison to external audit teams and responding to recommendations.
- Review and assess the effectiveness of controls, including segregation of duties (SoD), to ensure compliance with regulations and organizational policies; identify SoD risks and work with teams within the organization to recommend improvements and potential controls.
- Communicate effectively with technical and non-technical stakeholders.
- Contribute to our cybersecurity awareness program including developing training and presenting to end-users.
- Stay up to date on industry best practices and emerging trends.
Qualifications & Experience:
- High school diploma or Bachelor’s degree in any discipline, and 5-10 years' experience in audit or compliance (or combined).
- 3 years of experience participating in security control assessments or audits.
- Knowledge of information security standards and information privacy laws or regulatory requirements (Canada and/or US).
- Familiarity with security and compliance standards (e.g., ISO 27001, NIST, Sarbanes-Oxley).
- Familiarity with Active Directory, enterprise DLP or insider threat/risk solutions, Microsoft Entra Privileged Identity Management, Entra ID or Entra User Administration.
- Demonstrated ability to implement new processes or procedures.
- Strong written and verbal communication skills.
- Strong analytical and critical thinking skills.
- Professional certifications, such as CISA, CISM, CRISC, CISSP, or ISAAP, are highly desired.
- Experience with SAP or other ERP solutions is an asset.
If this sounds like you, then Graham may be the right fit. Apply today.
Graham is an Equal Opportunity Employer, and employment selection decisions are based on merit, qualifications, and abilities. Graham does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, veteran status or any other characteristic protected by country, regional or local law.
No unsolicited resumes or phone inquiries from agencies, thank you.