Senior Governance, Risk and Compliance (GRC) Analyst

As a Senior Governance, Risk and Compliance (GRC) Analyst, you will establish risk and compliance programs, focusing on automation and repeatability, particularly for PCI DSS and SOC 2 Type 2. The successful candidate will be responsible for obtaining and preparing evidence packages for submission to auditors while building the program. You will manage third-party cybersecurity risks, vulnerability management, and phishing programs, while collaborating with engineers to triage vulnerabilities and assign risk. You will also maintain security policies, advise leadership on risk management strategies, and ensure broad security awareness. You'll also support broader tech compliance requirements as they relate to RPAA, Mastercard, OSFI, and more.