Role Overview
We are seeking a detail-oriented Governance, Risk and Compliance (GRC) Analyst to support the ongoing development and execution of our information security and compliance initiatives. This role plays a central part in maintaining regulatory alignment, audit readiness, and risk transparency across the organization. You will collaborate with the Director of Information Security and engage with teams across the business to ensure controls are effective, risks are tracked, and compliance obligations are met.
Key Responsibilities
- Develop, maintain, and refine security policies, standards, and operating procedures to support program maturity.
- Manage the enterprise risk register, monitor remediation progress, and report on current risk exposure.
- Support compliance frameworks such as SOC 2 by designing controls, gathering evidence, and preparing for internal and external audits.
- Track audit findings and ensure timely resolution of action items to maintain control effectiveness.
- Conduct vendor security assessments, oversee due diligence processes, and maintain the vendor risk inventory.
- Coordinate periodic vendor reassessments and escalate critical risks as needed.
- Lead responses to customer and prospect security questionnaires, maintain a repository of standardized answers, and collaborate with internal stakeholders when required.
- Represent the organization in customer-facing security discussions and audits as needed.
- Support incident response efforts by managing documentation, timelines, and communication workflows.
- Contribute to the maintenance and testing of Business Continuity and Disaster Recovery plans, including follow-up on corrective actions.
- Assist with privacy and data protection activities such as data mapping, handling reviews, and breach coordination in collaboration with Legal and Security teams.
- Support the security awareness program through training coordination, phishing simulations, and tracking of employee engagement metrics.
Required Qualifications
- Professional experience in governance, risk management, compliance, information security, or audit functions.
- Hands-on involvement in compliance programs such as SOC 2, NIST CSF, ISO 27001, or equivalent frameworks.
- Familiarity with audit lifecycle activities, including evidence collection, control documentation, and audit coordination.
- Understanding of risk management practices, including risk register maintenance and remediation tracking.
- Strong organizational and project management skills, with a proven track record of managing multiple priorities and deadlines.
- Adaptability to thrive in a fast-paced, evolving environment with changing processes and requirements.
Preferred Qualifications
- Experience managing customer security questionnaires and responses.
- Background in SaaS, fintech, or financial services industries.
- Experience with third-party risk management or vendor security evaluation processes.
- Knowledge of privacy regulations such as GDPR, PIPEDA, or OSFI guidelines.
- Relevant certifications such as CompTIA Security+, CISA, CRISC, or ISO 27001 Lead Auditor/Auditee.
- Experience improving or automating compliance workflows, including the use of AI-powered tools or platforms.