Gerald N.

CISSP | CISA | ISO 27001 LA | ISO 22301 LA | AWS CCP | CDPO

Calgary, Alberta, Canada

About

Information Security specialist with hands-on experience in Governance, Risk, and Compliance (GRC), cloud-native security practices, and a deep understanding of risk management procedures that protect organizational assets and ensure the confidentiality, integrity, and availability of information. Skilled in collaborating with engineering teams to strengthen security posture, automate controls, and embed security into development and operational workflows. Well-versed in regulatory and industry frameworks including NIST RMF 800-53, ISO 27001, PCI-DSS, EU-GDPR, HIPAA, SOX, CIS, SOC 2, and ISO 9001. Adept at conducting gap assessments, managing compliance programs, and driving continuous improvement through data-driven insights. Passionate about building scalable, resilient security programs that support business continuity, meet compliance goals, and enhance overall reliability.

Experience

  • Information Security Compliance Manager at Fingerprint
    May 2022 - Present · 4 yrs 2 mos

    Develop and maintain information security policies and procedures aligned with industry standards and frameworks such as SOC 2, ISO 27001, and NIST 800-53. Conduct regular compliance assessments and gap analyses to identify control weaknesses and lead remediation planning. Manage and automate security controls using tools like Vanta and AWS Audit Manager to enhance real-time compliance visibility. Plan and execute internal and external audits, track findings, and ensure continuous audit readiness. Lead enterprise risk management efforts by conducting risk assessments, prioritizing vulnerabilities, and implementing mitigation strategies. Collaborate with engineering and infrastructure teams to embed secure-by-design principles and improve system reliability. Oversee third-party risk management activities, including vendor assessments and ongoing security monitoring. Lead and coordinate incident response efforts, maintain the incident response plan, and report security events to leadership. Deliver security awareness training programs and promote secure practices across the organization. Enforce secure configurations and manage endpoint protection to reduce user-level security risks. Support customer trust initiatives by completing security questionnaires and maintaining standardized documentation (e.g. SIG, CAIQ, CCM).

  • Senior IT Governance Analyst at Access Bank Plc
    Aug 2021 - May 2022 · 10 mos

    Maintained and regularly updated the corporate risk register, ensuring each identified risk had a clearly assigned owner and was actively tracked. Conducted security risk assessments on applications and services, identifying and addressing risks in alignment with PCI-DSS, ISO 27001, and other regulatory standards. Provided guidance and hands-on support for implementing and maintaining IT and industry standards across systems and services. Collaborated with engineering and change management teams to assess the security impact of changes and ensure controls were documented and enforced. Led internal audit processes, tracked nonconformities and exceptions, and drove timely remediation and closure. Prepared and gathered audit evidence for external auditors and regulatory bodies, ensuring smooth audit engagements. Identified opportunities for process improvement based on audit findings, expert feedback, and internal reviews. Ensured all system changes followed established change management procedures and were properly documented. Acted as the primary liaison between the organization and external auditors, regulators, and consultants to support compliance activities. Drove continuous compliance with applicable security frameworks, internal policies, and regulatory requirements.

  • IT GRC Consultant at Digital Jewels Africa
    Oct 2019 - Jul 2021 · 1 yr 10 mos

    Led and executed IT governance initiatives, ensuring alignment with business objectives and compliance with industry standards and regulations. Conducted comprehensive risk assessments to identify and evaluate potential security risks and vulnerabilities. Developed and implemented customized GRC frameworks to address specific organizational needs and regulatory requirements. Collaborated with cross-functional teams to establish and maintain effective policies, procedures, and controls for information security. Provided guidance on compliance matters, including GDPR, ISO 27001, ISO 22301 and other relevant standards. Conducted regular audits and assessments to monitor and improve the effectiveness of information security programs. Coordinated with internal and external stakeholders to communicate risks, assess impact, and recommend mitigation strategies. Contributed to the development and delivery of GRC training programs for employees to enhance awareness and compliance.

  • Network Surveillance Specialist at IHS Towers
    Jan 2019 - Oct 2019 · 10 mos

    Performed real-time surveillance of telecom infrastructure, including BTS and RAN equipment, using NOC monitoring tools to ensure optimal network performance and uptime. Utilized network management systems to identify anomalies, initiate fault escalation, and minimize service disruptions. Executed L1 troubleshooting procedures and coordinated with field engineers for rapid fault isolation and resolution. Logged all incidents in the ticketing system, ensuring SLAs were met through timely updates and closures with accurate Root Cause Analysis (RCA). Collaborated with cross-functional teams to analyze recurring network faults and implement preventive measures to enhance service availability and reduce MTTR (Mean Time to Repair).