Position Title:IT Governance, Risk and Compliance Analyst
Reports To:Manager, IT Governance, Risk and Compliance
Department: Corporate IT
Term: Permanent Full-Time

Work Arrangements: This is a hybrid role. You will work in our office in Waterloo, ON a minimum of two (2) assigned, consecutive days every other week, plus a fifth (5th) assigned day per month. You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.

The Opportunity:Now is an exciting time to join one of the Waterloo Area's and Southwestern Ontario's Top Employers for 2024! We are looking for an IT Governance, Risk and Compliance Analyst!
In this role, you will be responsible for ensuring the security and integrity of the IT systems and processes of Equitable.
You will apply your subject matter expertise on IT risk management and Compliance to develop and implement policies and standards, oversee and maintain control assurance activities, evaluate and improve IT controls, execute security and risk assessments, provide insights and guidance to IT and business stakeholders, assess compliance with laws, regulations, directives, and contracts, support the governance, Risk and Compliance platform/solution, and support the vendor risk management program.
You will report to the Manager of IT Security for Governance, Risk and Compliance and work closely with various stakeholders across the organization. You will also have strong communication and collaboration skills, as well as the ability to recommend risk treatment or mitigation strategies that align with the tactical and strategic priorities of the company.
If you are looking for a challenging and rewarding role in a dynamic and innovative organization, this is the opportunity for you.

What you will be doing:

• Responsible for championing enterprise risk management and IT security principles
• Support IT Security Management by way of leading the development, implementation and maintenance of IT Security and related corporate policies, standards, and guidelines
• Evaluate and monitor compliance to the internal controls, policies and standards
• Support initiative and project risk assessments brought to IT Security for review
• Assist in driving the third party vendor or partner security risk assessment program
• Support the definition, implementation and monitoring/maintenance of conditional access and DLP policies using MS Purview to ensure that the data assets and resources are accessed and used in a secure and compliant manner
• Support the implementation and ongoing management of an enterprise Governance, Risk and Compliance platform/solution to enhance the company's risk management and risk reporting/tracking capabilities
• Support the development and maintenance of Equitable's risk register and issue management programs and support risk treatment planning, monitoring, and reporting processes
• Facilitation and coordination of internally and externally driven IT control audits including evidence gathering, walkthrough coordination and management response to identified findings

What you will bring:

• A Bachelor's degree or equivalent experience/education in a related field
• 5+ years of experience in IT governance, compliance, assurance, or audit roles
• Expertise in financial services, healthcare, or other highly regulated industries (an asset)
• Professional certification or progress towards certification in one or more of the following areas: CRISC, CISSP, CISA
• Skills in control analysis, risk analysis, process assessment, consulting, data analysis, audit, vendor and contract management
• Experience in translating legislation, regulations, or directives into control objectives or policy/standard requirements
• Proficiency in planning and delivering risk assessments, control audits, assurance activities and consulting/advisory engagements
• Knowledge and experience in applying various standards and frameworks such as ISO/IEC 27001 and 27002, NIST Cybersecurity Framework and security standards, CIS Critical Security Controls, COSO Internal Control Integrated Framework, ITAF, CobiT, ITIL, CMMI, etc.
• Working knowledge of governance, risk, and Compliance (GRC) tools and/or compliance management systems
• Strong technical skills in SharePoint and work process flows
• Excellent use of Microsoft Suite (Excel, Visio, Word, PowerPoint)

What's in it for you:

• A healthy work-life balance with employee wellness top of mind
• Annual bonus program, annual vacation allowance, and company-paid benefits program
• An additional paid volunteer day each year so you can spend time giving back to the community
• Immediate enrollment in the company's pension program with employer matching
• Employee resource groups that support an inclusive work environment
• Tuition support and specialized program assistance
• An onsite, full-service cafeteria with a variety of daily options
• Discounts on company products and services, and access to exclusive employee perks
• Regular EQ Together events focused on company togetherness and collaboration
  

As part of the recruitment/offer process you will be required to:

• Provide two professional references (minimum one supervisor and above)
• Undergo a criminal background check