Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program.
Requirements
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
- Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
Benefits
- Flexible hybrid work arrangement
- Comprehensive benefits package
- Professional development opportunities
- Diverse and inclusive work environment
- Employee resource groups
- Generous parental leave policy