Description:
We’re looking for a Senior GRC Analyst to join our team! Reporting to the Head of Security Culture and Programmes, you’ll sit right at the heart of this change, helping the business move faster and smarter by managing risk in a way that enables progress rather than slowing it down.
This role offers real influence & impact. You’ll work at the intersection of technology, risk, and business, shaping decisions that matter and seeing the direct results of your work across our North American operations
What we’ll offer:
- 15 vacation days + 6 PTO days
- Competitive salary
- Birthdays Off
- RRSP and DPSP Retirement Plan
- Health and dental plans after 3 months of service
What you’ll do:
Governance, Risk & Compliance
- Lead and deliver technology risk assessments across systems, services, and suppliers
- Identify, assess, and track security, operational, and third-party risks, turning insights into clear remediation actions
- Maintain and continuously improve GRC processes, controls, and documentation to support growth and regulatory expectations
Audits & Assurance
- Coordinate and lead internal security audits across our North American businesses
- Support audit readiness and follow-through, ensuring findings translate into meaningful improvements
Contracts & Third-Party Risk
- Review contracts for security, data protection, and regulatory requirements
- Partner with Legal, Procurement, and vendors to assess and reduce third-party risk
- Contribute to the evolution of our global vendor risk assessment program
Program Ownership
- Own and run GRC initiatives end-to-end, from planning through delivery
- Manage priorities, dependencies, and risks across multiple initiatives
Executive & Stakeholder Engagement
- Communicate risk posture, priorities, and trade-offs to senior leaders
- Create clear, concise risk reports and dashboards for executive audiences
What you’ll bring:
- Strong understanding of threat, vulnerability, and information security risk concepts
- Working knowledge of security frameworks and standards such as NIST, CIS 18, ISO 27001, and PCI DSS
- Familiarity with data privacy and regulatory frameworks, including GDPR
- Proven experience working cross-functionally with senior stakeholders in business, legal, IT, and security
- Ability to clearly explain security and risk topics to both technical and non-technical audiences
- Cybersecurity or information security certifications are a plus
- Ability to travel internationally as required for the role; candidates with unrestricted international travel eligibility (e.g., Canadian passport holders) are preferred due to business travel needs
- Ability to attend the office in person at least twice per month, as required for collaboration and key business activities