Job description
At Equitable Life of Canada, we realize that your work life is not just about performing a job; it's about being part of a workplace that helps you grow and reach your full potential. Within our friendly and collaborative work environment, we recognize that the key to our growth and success is a dedicated, motivated and customer-responsive staff. Join Equitable Life today.
Position Title: IT Governance, Risk and Compliance Analyst
Reports To: Manager, IT Governance, Risk and Compliance
Department: IT
Term: Permanent Full-Time
Work Arrangements: We are currently working remotely, and we will be moving to a hybrid model when our office renovation is complete (approximately November 2023), coming into the office a minimum of 2 days per week, every other week on designated days.
The Opportunity: Equitable Life is looking for an IT Governance, Risk and Compliance Analyst!
The IT Governance, Risk and Compliance Analyst will provide subject matter expertise on Equitable’s management of IT risks and the successful delivery of compliance and remediation activities. The role will facilitate the application of the principles of risk management to Equitable’s products, services, technology, and information assets and will recommend risk treatment or mitigation strategies in alignment with the organization’s tactical and strategic priorities. The IT Governance, Risk and Compliance Analyst will evaluate technology and procedural compliance with laws, regulations, governmental directives, and contractual obligations and assess conformance to internal policies, standards, and procedures. This role will also support the implementation and ongoing management of Equitable’s Governance, Risk and Compliance platform/solution as well as enhancements to and management of the Vendor Risk Management program.
Now is an exciting time to join one of the Waterloo Region’s Top Employers for 2023!
What you will be doing:
- Responsible for championing enterprise risk management and IT security principles
- Support the IT Security Management in the development, implementation and maintenance of IT Security and related corporate policies, standards, and guidelines
- Evaluate and monitor compliance to the internal controls, policies and standards
- Support initiative and project risk assessments brought to IT Security for review
- Lead the third party / vendor security risk assessment program which may include:
  - Review of third-party / vendor questionnaires, IT control assurance reporting and/or related evidence supplied during assessment
  - Review of third-party / vendor contracts for IT security and control commitments
- Support the implementation of an enhanced vendor portfolio management solution
- Support the selection, implementation, and integration of a vendor monitoring/scoring solution
- Support the implementation and ongoing management of an enterprise Governance, Risk and Compliance platform/solution to enhance the company’s risk management and risk reporting/tracking capabilities
- Support the development and maintenance of Equitable’s risk register and issue management programs and support risk treatment planning, monitoring, and reporting processes
- Facilitation and coordination of internally and externally driven IT control audits including evidence gathering, walkthrough coordination and management response to identified findings
- Provide consulting and/or advisor services to Equitable stakeholders to ensure that technical and operational risks are effectively managed and to facilitate the escalation of risks
- Participate in compliance change management processes to monitor, identify, evaluate, and disseminate updates to legislation, regulation, government directives, etc. and oversee control updates as necessary
- Participate in processes to strengthen Equitable’s security, compliance and risk management frameworks and support mitigation of exposures
- Various other governance, risk and compliance accountabilities as assigned
- Bachelor's degree or combined experience/education as substitute for minimum education
- 5+ years of directly related experience in IT Governance, IT Compliance, IT Assurance or IT Audit roles
- Expertise in financial services, healthcare, or other highly regulated industries is an asset
- The successful candidate will have or be working towards formal industry certification in one or more key areas such as IT governance, audit, and / or risk management, such as:
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Auditor (CISA)
- Capabilities in control analysis, risk analysis, IT knowledge, process assessment, consulting, data analysis, audit, vendor and contract management.
- Experience translating legislation, regulations, or interpretations of these into actionable control objectives or policy/standard requirements.
- Proficiency in planning and delivering risk assessments, control audits, assurance activities and consulting/advisory engagements in a dynamic and complex environment.
- Understanding and experience in applying a broad range of standards and frameworks such as but not limited to ISO / International Electrotechnical Commission (IEC) 27001 and 27002, National Institute of Standards and Technology (NIST) Cybersecurity Framework and security standards, Center for Internet Security (CIS) Critical Security Controls, Committee of Sponsoring Organizations (COSO) Internal Control Integrated Framework, Information Technology Assurance Framework (ITAF), Control Objectives for Information and Related Technology (CobiT), the IT Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), etc.
- Sound working knowledge of governance, risk, and compliance (GRC) tools and / or compliance management systems
- Working knowledge of the Factor Analysis of Information Risk (FAIR) methodology for risk quantification
- Strong technical skills in SharePoint and work process flows
- Excellent use of Microsoft Suite (Excel, Visio, Word, PowerPoint)
- A healthy work-life balance with employee wellness top of mind
- Annual bonus program, annual vacation allowance, and company-paid benefits program
- An additional paid volunteer day each year so you can spend time giving back to the community
- Immediate enrollment in the company’s pension program with employer matching
- Employee resource groups that support an inclusive work environment
- Tuition support and specialized program assistance
- A company subsidized cafeteria with a variety of daily options
- Discounts on company products and services, and access to exclusive employee perks
- Regular EQ Together events focused on company togetherness and collaboration
- Provide two professional references (minimum one supervisor and above)
- Undergo a criminal background check
At Equitable Life, we are committed to providing equal access to employment opportunities across our organization. Please contact our HR team at [email protected] if you would like to receive our job postings in an alternative format or require an accommodation with the application process.
About Equitable Life Insurance Company of Canada
CEO: Fabien Jeudy
Revenue: $500 million to $1 billion (USD)
Size: 501 to 1000 Employees
Type: Company - Private
Website: www.equitable.ca
Year Founded: 1920