Equitable

IT Governance, Risk and Compliance Analyst

Waterloo, ON, CA
Posted Yesterday
onsite

Job Description

The Opportunity:

At Equitable, we believe great things happen when we work together. We’re a Canadian mutual company driven by purpose - putting people first and helping Canadians protect today and prepare for tomorrow. If you’re passionate about making a difference and growing your career in an inclusive and collaborative environment, we’d love to hear from you. Our culture is built on care, passion and curiosity. We put people above all else, strive to be our best and welcome new ideas to deliver positive outcomes.

As we continue to evolve our cybersecurity posture, we are seeking an IT Governance, Risk and Compliance (GRC) Security Analyst to join our team and help drive our risk and compliance initiatives forward. You will report to the Senior Manager of IT Security for Governance, Risk and Compliance and work closely with various stakeholders across the organization. You will also have strong communication and collaboration skills, as well as the ability to recommend risk treatment or mitigation strategies that align with the tactical and strategic priorities of the company. This role is ideal for a security generalist with experience across all aspects of GRC, an understanding of technology, and a passion to work collaboratively with teams to support security across the organization.

You will help ensure the security and integrity of the IT systems and processes of Equitable. You will apply your subject matter expertise on IT risk management and compliance to develop and implement policies and standards, oversee and maintain control assurance activities, evaluate and improve IT controls, execute security and risk assessments, provide insights and guidance to IT and business stakeholders, assess compliance with laws, regulations, directives, and contracts, support the governance, risk and compliance platform/solution, and support the vendor risk management program.

Join one of the region’s top employers and be part of something that truly makes a difference.

Work Arrangements:

This is a hybrid role. You will work in our office in Waterloo, ON a minimum of two (2) assigned, consecutive days every other week, plus a fifth (5th) assigned day per month. You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.

What you’ll do:

- Support the development, implementation, and maintenance of the organization’s GRC framework, policies, and procedures.
- Champion security risk management across the organization.
- Conduct risk assessments and control evaluations across business units and IT systems.
- Conduct vendor risk assessments and control evaluations within the context of data security.
- Support both project and operational initiatives.
- Document and track risks.
- Collaborate with stakeholders to ensure risk mitigation strategies are effectively implemented.
- Monitor compliance with internal policies and external regulatory requirements (e.g., OSFI).
- Assist in the preparation and execution of audits.
- Track and report on remediation efforts for identified control and security gaps.
- Maintain and enhance GRC tools and platforms.
- Stay current on emerging threats, regulatory changes, and industry best practices.
- Support and champion security awareness across the organization.

What you’ll bring:

- A Bachelor’s degree or equivalent experience/education in a related field
- 5+ years of experience in IT governance, compliance, assurance, or audit roles
- GRC expertise in financial services, healthcare, or other highly regulated industries
- Preferred to have a CISA or CISSP

What’s in it for you:

- Career Growth: Regular learning sessions and development opportunities
- Total Rewards: Incentive pay, annual salary reviews, employer-paid benefits and pension matching
- Time Away: Competitive vacation plus one paid volunteer day each year
- Flexibility: Healthy work-life balance with employee wellness always top of mind, complemented by a “dress for your day” approach

At Equitable, we’re committed to fair pay and an inclusive, accessible hiring experience. If you need accommodations or alternative formats at any stage, just reach out to us at [email protected]. We’re happy to help.

Your base pay will be based on your skills, qualifications, experience and education. In addition to your salary, this role is eligible for a discretionary annual incentive award tied to business performance, plus a wide range of competitive benefits.

Reports To: Senior Technology Manager, IT Governance, Risk and Compliance
Department: IT Security & BCP
Term: Permanent Full-Time