Sr. Analyst, Governance, Risk, and Compliance

Description

• Develop and maintain information security governance documentation, including policies, standards, procedures, and guidelines.
• Collaborate with Internal Audit, Legal, Privacy, and other stakeholders to ensure IS policies and controls meet all regulatory and organizational requirements.
• Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
• Conduct monthly compliance reviews with security service providers to ensure adherence to SLAs and contractual requirements.
• Recommend and implement appropriate controls to address identified security risks and enhance organizational security.
• Prepare periodic reports and presentations for senior management, steering committees, and the board of directors.
• Provide backup support for other security team members as needed.
• Design, operate, and manage a compliance framework aligned with ISO 27001, including associated controls.
• Provide expert consultative advice to Information Services (IS) and business units to support informed risk management decisions.
• Identify opportunities to improve processes for security risk identification and management.
• Assess security controls of vendors and third parties safeguarding company assets through contract and compliance reviews.
• Conduct comprehensive security risk assessments for new and existing services, applications, technologies, and vendors. Clearly document and communicate findings to relevant stakeholders.
• Facilitate audits and risk reviews with internal/external auditors, clients, and business teams; ensure timely response and track remediation to closure.
• Monitor the effectiveness of security controls through the design and implementation of KPIs and KRIs for reporting.

Requirements

• Influencing: Ability to positively influence colleagues and gain genuine agreement.
• Strong understanding of computer networking concepts, protocols, and IT security methodologies.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum 8 years of experience in IT, with at least 5 years in information security/compliance or IT audit, and 3 years in security risk management.
• Capacity to manage multiple priorities and meet tight deadlines.
• Strong analytical and problem-solving skills.
• Demonstrated results orientation, energy, and self-motivation.
• In-depth knowledge of legal and regulatory compliance standards (e.g., GDPR, PCI-DSS, PHIPA, ISO 27001, NIST).
• Problem Solving: Proficient in applying logic and techniques to resolve complex issues; skilled in asking probing questions to achieve optimal outcomes.
• Stakeholder Management: Ability to influence with and without direct authority; high emotional intelligence and organizational awareness.
• Decision Making: Sound judgment and decision-making in complex, dynamic environments; innovative risk orientation.
• Ability to adapt to evolving technical, regulatory, and compliance environments.
• Proven ability to work collaboratively within a team environment.
• Excellent verbal and written communication skills.
• Adaptive Thinking: Effective change leadership and critical thinking skills; sound analysis and logical reasoning.
• Business Acumen: Deep understanding of business operations, trends, and technologies impacting the organization.
• Professional certifications such as CISM, CISA, CRISC, or CISSP are considered assets.

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance