GRC Analyst
Company: Staff IT
Location: Oakville, ON L6H 0A4
Description:
HERE'S HOW YOU'LL CONTRIBUTE:
Security Controls and Compliance:
- Conduct independent, comprehensive assessments of management, operational, and technical security controls to evaluate their effectiveness and ensure compliance with organizational standards.
- Lead or support the development and implementation of remediation plans to resolve identified control deficiencies. Conduct pre-validation testing to confirm action plan completion and mitigate risks.
- Administer and maintain artifacts to support a secure Trust Center, enabling customers to access relevant security information.
- Utilize and manage the GRC (Governance, Risk, and Compliance) tool to oversee the security controls program, perform operational tasks, and recommend improvements for efficiency.
- Support the implementation and maintenance of IT General Controls (ITGC) and IT Application Controls to strengthen the organization's compliance posture.
- Assist in developing and implementing FCT's IT Risk Governance Framework and conducting IT certifications or annual assessments to minimize information security risks.
- Ensure compliance with industry frameworks and standards such as ISO 27001, SOC 2, PCI DSS, NIST CSF, CSA-CCM, and CSA-CSTAR.
Audit and Risk Management:
- Manage internal, external, third-party, and client-initiated audit activities, acting as the primary liaison between auditors and IT/business units.
- Serve as the escalation point for audit-related issues, delays, or concerns, supporting stakeholders throughout the audit lifecycle.
- Collaborate with the Legal and Compliance team to track and remediate IT issues identified during audits, attestations, or project assessments.
- Contribute to security risk assessments for processes, projects, and vendors, identifying and implementing necessary controls to mitigate risks.
Operational and Stakeholder Support:
- Build and maintain strong relationships with stakeholders across the first and third lines of defense, including the Risk, Compliance, and Audit teams.
- Participate as a Subject Matter Expert (SME) in RFP responses, addressing information security components to meet client requirements.
- Monitor and manage periodic control reviews, ensuring timely completion of assigned security tasks and reporting schedules (weekly, monthly, quarterly).
- Assist in implementing and managing physical access controls for assigned office and data center locations.
Continuous Improvement and Best Practices:
- Stay informed about industry trends, best practices, and emerging developments in security and risk management.
- Promote effective security practices, technologies, and processes in collaboration with stakeholders such as Legal, Finance, Compliance, and HR.
- Identify opportunities for improvement in tools, processes, and security practices to enhance operational efficiency and risk mitigation.
- Communicate effectively with technical and non-technical audiences, utilizing strong written and verbal communication skills.
HERE'S WHAT YOU'LL BRING:
- 5+ years of work experience in IT compliance or governance groups and/or information security groups within a financial or insurance industry setting
- College or university degree in Information Technology or related discipline
- CISA, CISM and/or CISSP is required for this position
- Experience defining audit objectives and control processes related to financial reporting, PCI DSS, ISO 27001:2022 and CSAE3416/SOC 2
- Experience coordinating audit activities with internal and third-party auditors