GRC Analyst

We are seeking a highly skilled GRC Analyst to join our team at Prosource. As a key member of our IT governance team, you will play a critical role in ensuring the effective management of risk and compliance across our global operations.

Key Responsibilities:

• Design, assess, and remediate controls related to applications, infrastructure, and databases to ensure the integrity of our IT systems.
• Collaborate with internal and external auditors to ensure timely and accurate provision of information and address any findings or recommendations.
• Assist IS teams in completing testing, evidence gathering, and submission to demonstrate the operating and design effectiveness of controls.
• Provide training and input to control assessments to staff where required.
• Request and collect SOC1 Type 2 and SOC 2 reports for all SaaS applications.
• Connect with IS teams to obtain supporting evidence for OS changes on infrastructure and relevant supporting information for applications.
• Connect with various business teams regarding JML processes, user access matrices, DR/BCP solutions, and relevant supporting evidence for applications.
• Work with support partners to gather information, evidence, processes, and other relevant support information for applications.
• Support the remediation of IS controls, where applicable, for all applications, including establishing recurring requests for audit purposes.
• Ensure management of change processes are in place to support relevant IS controls for all applications.
• Align with IS database teams and support partners to ensure relevant control measures are in place for data integrity, relevance, and maintenance for all applications.
• Collaborate with IT teams, business units, and senior management to enhance awareness and understanding of IS principles, practices, and objectives.
• Ensure the successful delivery of initiatives and projects within the Governance, Risk, and Compliance environment.
• Foster strong working relationships with key stakeholders to promote effective communication, coordination, and alignment of IS GRC initiatives.

Requirements:

• Proven track record in developing policies and procedures.
• Proficient in IT governance and quality standards.
• Advanced Microsoft 365 skills (Excel/PowerPoint) are preferred.
• Experience in risk management and control assessments.
• Strong knowledge of General IT Controls (GITC) assessments, evidence provision, and control operation.
• Experience working with third-party vendors and on-premise solutions.
• Experience with internal infrastructure and database risks and controls.
• Familiarity with one or more industry frameworks and standards such as ITIL, COBIT, NIST Cybersecurity Framework, and ISO 27001.
• Strong communication skills, both verbal and written, with the ability to present technical information to non-technical stakeholders effectively.
• Demonstrated ability to work independently, manage multiple priorities, and meet deadlines in a fast-paced environment.
• Ability to influence and collaborate with cross-functional teams.