
GRC Analyst
Posted May 9

This is a fully remote position, open to applicants in Canada.
• Assist in implementing and managing security and privacy policies, standards, and control frameworks in accordance with ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other international regulations.
• Aid in policy exception management and attestation processes, and identify areas for process enhancement.
• Assist with enterprise risk evaluations, which include vendor assessments and process-level reviews.
• Help maintain the risk register, monitor remediation efforts, and support risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, which encompasses vendor onboarding evaluations, ongoing oversight, and remediation tracking.
• Assist with preparation and response for audits related to ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other applicable frameworks.
• Aid in collecting evidence, validating controls, and engaging with auditors.
• Utilize GRC platforms to facilitate audit, privacy, and compliance workflows.
• Support the sales process by addressing client inquiries concerning security, privacy, and compliance matters.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Collaborate with sales and client success teams to provide prompt, accurate responses that foster client trust.
• Support privacy-related initiatives across different jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Work together with legal and data governance teams to ensure compliance with data protection and financial crime regulations.
• Assist with compliance obligations related to FINTRAC, including reporting and risk evaluations associated with AML/ATF responsibilities.
• Monitor changes in regulations (privacy, AML, financial crime) and assist in aligning internal processes accordingly.
• Collaborate with business and technical teams to integrate risk and compliance considerations into projects and initiatives.
• Help deliver reports and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, encompassing awareness campaigns, training modules, and phishing simulations.
• Participate in training, documentation, and awareness initiatives that enhance Benevity’s security, privacy, and compliance culture.
• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy.
• Proficient understanding of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Familiarity with or experience in GRC tools (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata).
• Knowledge of risk assessment methodologies, vendor risk principles, and compliance evidence collection.
• Experience or a willingness to assist in client due diligence activities (security questionnaires, RFPs, TPRM).
• Capability to clearly communicate risk, security, privacy, and regulatory concepts to both technical and non-technical audiences.
• Strong organizational abilities, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in utilizing automation and AI to optimize GRC processes and improve efficiency is advantageous.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are preferred; candidates who are actively pursuing certification are encouraged to apply.
• Innovative work.
• Growth opportunities.
• Caring co-workers.
• Flexibility in work locations.
• Diversity, equity, inclusion, and belonging initiatives.
• Support for candidates with disabilities.