Governance, Risk & Compliance Analyst

Docebo, Toronto, ON
CA$68,300 - CA$91,000, Hybrid

About The Position

The Governance, Risk & Compliance Analyst is a key contributor to Docebo's security and compliance program. This role supports the development and maintenance of our security framework, helping to ensure the company meets its regulatory obligations and effectively communicates its compliance standing to both internal and external stakeholders. Working under the guidance of senior team members, this individual will assist in various governance, risk, and compliance activities. The role involves collaboration with teams across the organization, including Sales and Legal, to help address customer inquiries related to security and compliance. This position offers an opportunity to grow and learn within a dynamic security environment, contributing to the continuous improvement of our control environment.

Requirements

  • Typically 3+ years of relevant work experience.
  • Working experience in IT Risk Management, Governance, or a similar Information Security role.
  • Experience supporting the development of security policies, risk assessments, or internal/external audit cycles for a SaaS company.
  • Familiarity with information security principles, trends, and best practices, particularly in cloud environments (e.g., AWS, Azure, GCloud).
  • Knowledge of GDPR requirements and other data privacy laws (e.g., CCPA, PIPEDA).
  • Knowledge of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 9001, SOX, DORA, NIST CSF, and AICPA/ISAE 3000 SOC 2 & PCI DSS.
  • Familiarity with the FedRAMP framework
  • Foundational understanding of security and compliance concepts
  • Strong desire to learn and grow in the field
  • Detail-oriented and organized approach
  • Good communication skills
  • Proactive mindset
  • Ability to work effectively as part of a team

Responsibilities

  • Support Governance and Policy Management: Assist in the creation and maintenance of cybersecurity and privacy policies, standards, and control frameworks to help align with key industry regulations (e.g., PCI DSS, ISO 27001, SOC 2) and business goals.
  • Contribute to Risk Assessments: Participate in cybersecurity risk assessments across the organization by helping to identify and document potential risks. Support the monitoring and tracking of risk treatment plans under the supervision of senior GRC team members.
  • Assist with Audit Support: Provide support for internal and external audits (e.g., ISO 27001, SOC 2, PCI DSS) by gathering evidence, helping to coordinate with internal teams, and assisting in the management of audit-related tasks.
  • Aid in Vendor Risk Assessment: Assist the GRC team in evaluating the risks associated with third-party vendors by supporting the monitoring of their security controls and helping to maintain risk management reports.
  • Maintain Documentation and Reporting: Help maintain clear and organized documentation of compliance activities, including risk assessments, the risk register, the control inventory, and audit evidence. Assist in preparing reports on the GRC program's status for management.
  • Facilitate Cross-functional Collaboration: Work with various departments to support the implementation of security controls and help align compliance and security efforts with business objectives, guided by the GRC team.
  • Handle Customer Inquiries: Respond to customer security and privacy inquiries by helping to complete compliance questionnaires and contributing to RFIs and RFPs, ensuring that information is accurate and delivered in a timely manner to support the sales process.

Benefits

  • Competitive pay
  • Employee Share Purchase Plan (ESPP) at a 15% discount
  • Health benefits
  • Paid vacation days
  • Two company-wide Docebo Days
  • Floating holidays for cultural celebrations
  • Your birthday off
  • Paid time off for new parents
  • Access to global communities through Employee Resource Groups
  • Company-wide events