GRC Analyst

Benevity
Hybrid

About The Position

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders. Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

Requirements

  • 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
  • Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
  • Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
  • Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
  • Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
  • Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
  • Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.

Nice To Haves

  • An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
  • Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

Responsibilities

  • Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
  • Support policy exception management and attestation processes, and identify opportunities for process improvement.
  • Assist with enterprise risk assessments, including vendor and process-level reviews.
  • Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
  • Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
  • Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
  • Assist with evidence gathering, control validation, and auditor engagement.
  • Leverage GRC platforms to support audit, privacy, and compliance workflows.
  • Support the sales process by responding to client inquiries related to security, privacy, and compliance.
  • Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
  • Partner with sales and client success teams to provide timely, accurate responses that build client trust.
  • Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
  • Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
  • Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
  • Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
  • Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
  • Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
  • Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
  • Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

Benefits

  • Innovative work.
  • Growth opportunities.
  • Caring co-workers.
  • A chance to do work that fills us with a sense of purpose.