GRC Specialist

Vancouver, BC Canada





Hootsuite is more than a social media company. We’re more than a tech company. We’re a collective of creators and makers, builders and hackers, teachers and students.

We believe deeply that social media is revolutionizing how we communicate – and we’re driven by our purpose to champion the power of human connection.


We believe that culture is the compass to success and so our culture manifesto is woven into the fabric of all we do. We seek exceptional talent that believes joining a passionate, egoless team that is building something bigger than themselves, and having fun doing it, matters.


We know you have a lot of choices on where to take your career next. Whether you’re based in Vancouver, Toronto, London, Bucharest, Singapore or any of our 12 nests around the globe, you will have 1,000+ #HootsuiteLife peeps who will have your back to support your growth every day.


Here’s where it might start…


Hootsuite Cultural Manifesto


Guru Career Track  

B Corporation Certification

Who You Are...

  • Assess the Engineering, Security, IT, Operations, Development, Production, and HR control environment to ensure alignment with Hootsuite’s governance and risk management frameworks
  • Project manage Hootsuite’s SOC 2 annual accreditation initiative 
  • Assist in the development and alignment of Hootsuite practices to SOC 2, PCI DSS, and ISO 27001/27002
  • Conduct periodic risk assessments and ensure that identified gaps are addressed and remediated in a timely manner
  • Perform quarterly control self-assessments (CSAs) and internal controls testing to validate that controls are designed, implemented, and operating effectively
  • Collaborate with internal teams to analyse security risks and recommend solutions to mitigate these risks
  • Prepare and present key risk findings and recommendations to management

You’re Great At...

  • Degree in Computer Science or Management Information Systems
  • A strong IT and audit background is preferred 
  • Relevant professional designation (e.g. CISA, CRISC or CIA) and operations auditing experience
  • 2 to 3 years of experience in Enterprise Risk Management, Cyber Risk Security, Third Party Risk and Compliance, ISMS Controls Assurance (ISO 27001, SOC 1 and SOC 2) is preferred
  • Ability to understand IT risks and implications to the business, identify weaknesses and recommend solutions
  • Identify and resolve complex issues and develop innovative solutions
  • Excellent written and oral communication skills including both technical and business writing, documentation and presentation skills
  • Strong listening and analytical skills
  • Ability to communicate, interact, and cooperate with internal teams
  • Excellent interpersonal relations and demonstrated ability to work with others effectively in teams
  • Adapting and embracing new technology, innovation, and changes
  • Thriving under pressure and working effectively in a fast-paced environment
