
Security and Compliance Specialist
Google · Ottawa, ON
This listing has closed.
- On site
- Full-time
- CA$164,000 / year
- Ottawa, ON
Job highlights
- Manage risks and compliance for Google Cloud.
- Validate security controls and evidence gathering.
- Support external audits and government assessments.
- Monitor controls and manage remediation plans.
- Requires Top Secret security clearance.
About the role
As part of the CISO Risk and Compliance organization, the Cloud CISO Public Sector team supports Google Cloud by managing risks, ensuring accountability, defining and enforcing compliance standards, monitoring controls, and collaborating with stakeholders to meet evolving security, privacy and compliance requirements.
In this role, you will provide the mandatory separation of duties ensuring that our security controls are not just designed correctly, but are operating effectively in practice. You will sit at the intersection of engineering and compliance, validating technical controls through rigorous testing and evidence gathering. You will be the primary defender of our compliance posture during external audits, translating engineering data into audit-proof evidence. Your vigilance in monitoring for insider threats and maintaining audit readiness is key to sustaining our trusted status with government customers.
Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.
Responsibilities
- Execute walkthroughs and sampling of security controls to validate operating effectiveness, providing security control assessment and validation separate from the engineering build team.
- Maintain an audit-ready evidence repository and lead the response to external government assessments.
- Sustain authorization posture through continuous monitoring, annual assessments, and change management processes aligned with government requirements.
- Manage remediation plans and track the resolution of control deficiencies.
- Perform Control Operating Effectiveness testing aligned with IT Audit methodologies (e.g., ISO 27001, SOC 2) applied to Government of Canada frameworks.
Minimum Qualifications
- Bachelor's degree in Information Systems, Accounting, Business, or equivalent practical experience.
- 8 years of experience in IT Audit, Compliance, or Risk Management.
- Experience performing Security Control Assessment and Control Operating Effectiveness testing.
- Ability to obtain a Top Secret security clearance.
Preferred Qualifications
- Certifications such as CISA, CCSP, CISSP, or CIA.
- Experience with IT Audit methodologies (e.g., ISO 27001, SOC 2, CSA STAR).
- Experience managing Remediation Plans or Plan of Action and Milestones (PoA&M) tracking.
- Familiarity with Insider Threat indicators and physical access log reviews.
- Knowledge of Government of Canada regulatory instruments, with the ability to operationalize TBS policies and directives related to security, privacy, and information management.
Equal Opportunity Statement
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Google's EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Key skills/competency
- IT Audit
- Compliance
- Risk Management
- Security Control Assessment
- Control Operating Effectiveness Testing
- ISO 27001
- SOC 2
- CISA
- CISSP
- Government of Canada Regulatory Instruments
How to get hired
- Tailor your resume: Highlight IT Audit, Compliance, Risk Management experience, and specific methodologies like ISO 27001 or SOC 2.
- Showcase relevant certifications: Emphasize CISA, CCSP, CISSP, or CIA if you possess them.
- Demonstrate clear understanding: Articulate your experience with Security Control Assessment and Control Operating Effectiveness testing.
- Address security clearance: Clearly state your ability to obtain a Top Secret security clearance.
- Prepare for interviews: Be ready to discuss how you translate technical data into audit-proof evidence.
Frequently asked questions
- What are the salary expectations for a Security and Compliance Specialist at Google Canada?
  For the Security and Compliance Specialist position in Google Canada, the base salary range is between CAD 162,000 and CAD 166,000 annually. This range does not include potential bonuses, equity, or benefits.
- What specific IT audit methodologies are preferred for the Security and Compliance Specialist role at Google?
  Google prefers candidates with experience in IT audit methodologies such as ISO 27001, SOC 2, and CSA STAR for the Security and Compliance Specialist position.
- Is a security clearance mandatory for the Security and Compliance Specialist position at Google?
  Yes, the ability to obtain a Top Secret security clearance is a mandatory qualification for this Security and Compliance Specialist role at Google.
- What educational background is required for the Security and Compliance Specialist role at Google?
  A Bachelor's degree in Information Systems, Accounting, Business, or equivalent practical experience is the minimum educational requirement for this Security and Compliance Specialist position at Google.
- How does Google Cloud's CISO Public Sector team contribute to the company's security posture?
  The Cloud CISO Public Sector team manages risks, ensures accountability, defines compliance standards, monitors controls, and collaborates with stakeholders to meet evolving security, privacy, and compliance requirements for Google Cloud.
- What is the role of a Security and Compliance Specialist in ensuring control effectiveness at Google?
  The Security and Compliance Specialist validates technical controls through rigorous testing and evidence gathering, ensuring that security controls are operating effectively in practice and not just designed correctly.
- Can candidates with experience in Government of Canada regulatory instruments apply for the Security and Compliance Specialist role?
  Yes, knowledge of Government of Canada regulatory instruments and the ability to operationalize TBS policies is a preferred qualification for the Security and Compliance Specialist role.