IT Security Analyst GRC

About The Position

Requirements

• Bachelor’s degree or diploma in Computer Science, Information Technology, Cyber Security, or a related field
• Strong understanding of IT infrastructure, software development, and systems integration.
• Strong understanding IT audit concepts, internal controls, and risk management principles
• CompTIA Security+
• Microsoft Security Fundamentals (SC-900)
• Familiarity with security frameworks such as CIS Controls, NIST, and ISO 27001
• Knowledge of IT General Controls (ITGC) such as access control, change management, and logging
• Strong attention to detail and ability to follow structured processes
• Good documentation and communication skills
• Analytical thinking and problem-solving ability
• Ability to manage multiple tasks and follow through on audit and risk items
• Willingness to learn and grow within a GRC / IT Audit career path
• Ability to align with company core values (Innovation, Community, Excellence, Safety).
• Valid driver’s license and potential use of a personal vehicle
• Ability to sit for extended periods and work on a computer
• Commitment to continuous learning and professional development

Nice To Haves

• CISA (preferred)

Responsibilities

• Support the development and execution of the IT Audit Program aligned with CIS Controls and industry best practices
• Perform control design and operating effectiveness testing (e.g., access control, change management, user provisioning)
• Assist in maintaining and updating the IT risk register, including tracking remediation activities
• Support internal and external audits, including evidence collection, walkthroughs, and audit coordination
• Review and assess vendor security posture, including SOC 2 reports, ISO certifications, and security questionnaires
• Participate in risk assessments for new applications, systems, and vendors
• Assist in developing and maintaining security policies, standards, and procedures
• Support compliance mapping across frameworks (CIS, NIST, ISO 27001)
• Maintain structured audit documentation, control evidence, and reporting artifacts
• Track audit findings, risk exceptions, and remediation plans to closure
• Support user access reviews and validation of role-based access controls (RBAC)
• Assist in validating user provisioning, transfers, and terminations
• Review change management controls and approvals for system changes
• Support privileged access reviews and governance processes
• Ensure proper documentation and audit trails are maintained for all control activities
• Assist in reviewing security alerts from tools such as Microsoft Defender and SIEM platforms (as required)
• Support basic incident documentation and escalation to senior team members
• Assist in identifying trends or anomalies through log reviews
• Collaborate with the security operations team when required
• Support security awareness initiatives such as phishing simulations and user education
• Promote security best practices across IT and business teams
• Collaborate with IT, business units, and project teams to ensure secure and compliant implementations
• Provide support for security reviews during project planning and implementation to ensure secure and compliant solutions.
• Collaborate with IT and other departments to ensure security best practices are followed.

Benefits

• Extended Healthcare Plan (Medical, Disability, Dental & Vision)
• Group RRSP
• Group Life - AD&D - Critical Illness Insurance
• Training & Development
• Employee Assistance Program - Counseling