Senior Analyst – IT Governance, Risk and Compliance

Accoravillage
Markham
CAD 100,000 - 125,000
2 days ago
Job description

Senior Analyst – IT Governance, Risk and Compliance

Markham, ON, Canada Req #2497

Proudly Canadian-owned, Enercare is committed to providing the best services, solutions and advice to make customers’ homes as comfortable as they can be. With Enercare Advantage, we provide affordable clean air and water solutions for homes and workplaces. We are committed to operating in an environmentally responsible way, including keeping as much waste out of landfills as possible, and giving back to the communities where we live and work. Enercare is about putting people first by listening to our customers, continuous improvement and making our organization a destination for building people’s careers.

Role: Senior Analyst – IT Governance, Risk and Compliance

Status: Regular, Full-Time

Department: Information Technology

Reports: Director, IT Governance, Risk and Compliance

Location: Hybrid - Markham

Summary:

The Senior Analyst – IT Governance, Risk and Compliance (IT GRC) will manage activities within Canada and the US, as part of the IT GRC team, and report directly to the Director, IT GRC. The person will be instrumental in collaborating across IT, business, and internal / external audit teams, especially for the compliance process.

A great fit for this role is someone with working experience in the field and who has assisted in planning, testing, execution and reporting on IT Governance, Risk and Compliance, especially processes and controls for Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standards (DSS) and/or compliance programs.

Responsibilities:

IT Governance

  • Responsible for writing or advising on IT Policies, Standards, Guidelines, Procedures, Plans, Playbooks & Standard Operating Procedures (SOPs), and ensuring alignment to industry standards, best practices, regulatory requirements, the IT enterprise policy framework & management requirements.
  • Ensuring policies are reviewed on schedule & communicated to all relevant parties in compliance with processes.
  • Ensure that IT procedures, controls and documentation are sufficient across IT, provide advice on gaps and support or guide teams in filling those gaps.
  • Responsible for performing gap analysis of IT governance and remediating gaps or working with department management to remediate gaps.
  • Supporting the Data Governance program and records information management programs.
  • Performing all aspects of an IT risk management program, including assessing risk, documenting technical details and ensuring understanding by non-technical people.
  • Reviewing & assessing management responses, ensuring that risks are sufficiently mitigated, and documenting justification.
  • Performing risk assessments of vendors and providing advice on improvements to that process.
  • Facilitating periodic risk review sessions with IT leadership.
  • Manage the third-party risk management process for external vendors.

IT Compliance

  • Assist with the IT Compliance programs (e.g., SOX, PCI DSS) including planning, testing, execution, monitoring and reporting of new and existing processes and controls.
  • Participate in annual and ongoing IT Compliance scoping to identify changes to systems and controls considered to be in-scope.
  • Manage IT Compliance readiness, such as control identification and testing for new systems.
  • Lead IT General Control (ITGC) and application control (ITAC) walkthroughs for new or complex processes.
  • Develop, update and/or review IT process documentation for accuracy and relevance.
  • Coordinate IT SOX program testing with internal and external audit teams.
  • Evaluate IT control deficiencies for impact and perform root cause analysis.
  • Monitor management’s remediation efforts to closure.
  • Provide regular IT Compliance program status reporting to the IT team and management.
  • Assist with benchmarking and initiatives to improve controls and processes.
  • Work closely with cross-functional teams including IT Operations, Accounting/Finance, and Internal/External Audit.
  • Collaborate with auditors to ensure compliance requirements are met.
  • Ensure new software programs meet compliance requirements before operational use.
  • Support and manage detailed testing of controls.
  • Train the IT and Business teams on IT GRC.
  • Build trust and positive working relationships with auditors and stakeholders.
  • Collaborate with Project, IT development and operations teams to optimize IT resources.

Qualifications:

  • Bachelor’s degree or higher in Information Technology, Information Security, Computer Science, or Finance/Accounting.
  • 5+ years of experience in IT Governance, Risk Management, Compliance and/or Audit.
  • Certifications in CPA (CA, CMA, CGA), CISA, GRCP, CGRC, CIA preferred.
  • CISSP, GIAC, CGEIT, CRISC, CISM, CDPSE, ISO 27001 are an asset.
  • Demonstrated success with IT GRC programs.
  • Advanced knowledge of SOX, PCI DSS and related standards/frameworks required.
  • Knowledge of CIS, ISO 27001, COBIT, NIST preferred.
  • Strong communication and collaboration skills.
  • Ability to deliver projects on time and manage several projects.
  • Experience in large professional services, consulting, and audit firms is desired.
  • Experience in supporting compliance with applicable privacy laws is an asset.

Enercare is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, national origin, religion, sex, age, sexual orientation, gender identity, citizenship, marital status, disability, pregnancy, military status, protected veteran status or other characteristics protected by applicable law. Enercare’s recruitment process includes accommodation for applicants with disabilities in accordance with applicable provincial accessibility laws and regulations.
