Senior GRC Analyst
7 days ago
About KOHO

We’re on a mission to make financial services better for every Canadian. That means no hidden fees, no predatory interest rates - just financial products designed to help our users spend smart, save more, and build real wealth. We’re a performance organization with a strong heart: we care deeply about outcomes, and everything ties back to our mission - to financially empower a generation of Canadians.

At KOHO, we’re not your average 9-5. We believe real impact comes from people who are trusted, empowered, and supported to do their best work - without sacrificing their lives to do it. We prioritize work-life integration, not just work-life balance. That means asynchronous collaboration, flexible hours, and a remote-first setup built around autonomy and high trust.

KOHO is entering its next chapter - leaner, smarter, more AI-integrated. We’re building for impact, not bureaucracy. If you thrive in environments that value clarity, ownership, and bold thinking, you’ll fit right in.

About The Role

We’re looking for a Senior Governance, Risk and Compliance (GRC) Analyst - Platform Technology and Payments to join our team in a remote role based in Canada. Reporting to our Senior Manager, Product Security, you’re going to be a part of a low-ego, high-agency team that values innovation, continuous learning, and high-quality work.

What You’ll Be Doing

Building up and establishing a compliance program for the KOHO technology team. Compliance standards that you need to be familiar with include RPAA, OSFI B-10, and OSFI B-13. The successful candidate will be responsible for obtaining and preparing evidence packages for submission to auditors while also building a sustainable, systematic, and automated compliance program.
Working with the technology team to build KRIs that align with the relevant compliance obligations.
Translate complex technical and regulatory information into clear, concise, and user-friendly documentation, including policies, SOPs, control descriptions, and network diagrams.
Prepare and coordinate the review and approval of evidence packages and submission-ready documents for external audits and regulatory examinations.
Work collaboratively with engineering, product, and operations teams to embed compliance requirements into the software development lifecycle (SDLC) and ensure payments and technology changes are documented accurately.
Advising leadership on risk management strategies, including risk mitigation, risk reduction, compensating controls, and residual risk analysis.
Supporting tech compliance requirements as they relate to payments and technology infrastructure. The main regulations, guidelines, and standards include OSFI B-13 and B-10, RPAA, and PCI.

Who You Are

You are someone who has experience in either technology or payments infrastructure. Both are preferred, but candidates are encouraged to apply if they have only one and are interested in learning about the other. For technology, you are well versed in disaster recovery, networking, data, CI/CD pipelines, change management, ITSM principles (incident, problem, and change management), configuration management, KPIs and KRIs. For payments, you have a deep understanding of card and bank transaction lifecycles, financial reconciliation and authorization/settlement processes in modern API-based systems.
You are a self-starter, determined, and have the agency and willingness to learn new domains and systems that you are not familiar with.
Bachelor’s degree in computer science, technology management, commerce or related technical or management field.
You have excellent communication skills – this is required in order to ensure that you can communicate what the risk posture of the organization is relative to your analysis of vulnerabilities and risk.
You are familiar with OSFI B-10, B-13, and RPAA.
Familiarity with AWS Inspector, CloudTrail, Config, SCPs, and other AWS native technologies (EKS, RDS, DB, network firewall), Terraform, and Argo CD.
Experience leading audits and working with regulators.
Experience in building your own automations and scripts in order to pull data to automate evidence retrieval.
You have the ability to work cross functionally. This is a role where soft skills are important in order to ensure partnerships within and outside KOHO, to communicate the risk back to the organization in a clear and concise manner.
Preferred: Familiar with OSFI guidelines (B-10 and B-13) and RPAA (Retail Payment Activities Act).

What’s in it for you?

📈 Opportunity to shape the future of fintech and financially empower a generation of Canadians
💰 Competitive compensation & equity
🤝 Fantastic, Deeply Engaged Team (check out our engagement scores here)
🌴 Generous vacation + Wellness days + Flex Days + holiday closure
💻 Remote-first environment + coworking support + yearly all hands retreat
🧠 Access to coaching & growth programs
👶 Parental top-up & leave policies
🏥 Comprehensive health benefits
💡 Power-up budgets for books, home office setup, phone & internet, AI tools, and professional development

KOHO is for builders. If you’re energized by challenge, motivated by mission, and want to be part of a team that punches above its weight - we want to hear from you.

The KOHO culture is one of collaboration, creativity, and diverse perspectives. We are committed to building and fostering an inclusive, accessible environment for everyone. If you have any questions, concerns, or requests regarding accessibility needs, please contact peopleaccessibility@koho.ca and the People and Culture team will be happy to help.

AI Disclosure: KOHO uses artificial intelligence (AI) in certain aspects of its recruitment process to screen, assess, or select applicants. For any questions or concerns, please contact us at talent@koho.ca.
Note: this posting is for an existing vacancy that we are seeking to fill.
-
SNOW GRC Business Analyst
9 hours ago
Greater London, United Kingdom Natobotics Full time
SNOW GRC Business Analyst – Contract – Hybrid – London
We are seeking an experienced ServiceNow GRC Business Analyst for a 6-month contract in London. This hybrid role requires 2–3 days per week in the office. What You’ll Do: Gather, analyze, and document requirements for the ServiceNow GRC suite. Configure and implement GRC IRM modules on the...
-
SNOW GRC Business Analyst
24 hours ago
Greater London, United Kingdom N Consulting Limited Full time
SNOW GRC Business Analyst at N Consulting Ltd
SNOW GRC Business Analyst | Contract | Hybrid | London
We are seeking an experienced ServiceNow GRC Business Analyst for a 6-month contract in London. This hybrid role requires 2–3 days per week in the office. What You’ll Do: Gather, analyze, and document requirements for the ServiceNow GRC suite. Configure...
-
SNOW GRC Business Analyst
23 hours ago
Greater London, United Kingdom N Consulting Limited Full time
SNOW GRC Business Analyst at N Consulting Ltd
Location: England, United Kingdom
Salary: £300 - £320 /day
Job Type: Contract
Date Posted: December 4th, 2025
SNOW GRC Business Analyst | Contract | Hybrid | London
We are seeking an experienced ServiceNow GRC Business Analyst for a 6-month contract in London. This hybrid...
-
GRC Information Security Analyst
2 weeks ago
Greater London, United Kingdom hireful Full time
Join the team as a GRC Information Security Analyst at hireful, a global technology company based in the UK. As a GRC Analyst, you will collaborate with internal stakeholders and external auditors to maintain and enhance our security program, ensuring compliance with ISO 27001, PCI DSS, SOC 2, NIST, CIS benchmarks, GDPR and other regulatory...
-
SNOW GRC Business Analyst
5 days ago
London Area, United Kingdom PRIMUS Global Solutions (PRIMUS UK & Europe) Full time £60,000 - £80,000 per year
Job Title: SNOW GRC Business Analyst
Location: London
Work Mode: Hybrid (2–3 days per week from office)
Contract Duration: 6 Months
Minimum Experience: 10+ Years
About the Role
We are seeking an experienced SNOW GRC BA (ServiceNow GRC Business Analyst) with strong expertise in ServiceNow GRC/IRM modules, GRC frameworks, and end-to-end requirements gathering. The ideal...
-
SNOW GRC Business Analyst
3 days ago
Greater Lincoln Area, United Kingdom Natobotics Full time £50,000 - £120,000 per year
SNOW GRC Business Analyst | Contract | Hybrid | London
We are seeking an experienced ServiceNow GRC Business Analyst for a 6-month contract in London. This hybrid role requires 2–3 days per week in the office. What You'll Do: Gather, analyze, and document requirements for the ServiceNow GRC suite. Configure and implement GRC IRM modules on the ServiceNow...
-
Information Security Grc Analyst
3 days ago
City of London, United Kingdom i3 Resourcing Limited Full time
Information Security GRC Analyst
£47,000 - £55,000
2-3 days in a London office / 1-2 days from home
EXCELLENT full benefits package and bonus
Information Security GRC Analyst, Governance, Risk, Compliance, Security Risk, Privacy Risk, Management Information, ISO27001, NIST, SOX, Firewalls, IDS/IPS, DLP, Information Security Analyst,...
-
Greater London, United Kingdom N Consulting Limited Full time
A consulting firm is seeking an experienced ServiceNow GRC Business Analyst for a 6-month contract in London. This hybrid role requires 2–3 days per week in the office. Responsibilities include gathering and analyzing requirements, configuring GRC IRM modules, and collaborating with stakeholders to ensure compliance solutions. Candidates must have over 10...
-
ServiceNow GRC Analyst – Hybrid Contract
19 hours ago
Greater London, United Kingdom Natobotics Full time
A leading IT consultancy is seeking an experienced SNOW GRC Business Analyst for a 6-month contract in London. This hybrid role requires 2-3 days per week in the office. The candidate must have 10+ years of relevant experience and strong proficiency with ServiceNow, especially in GRC IRM modules. Responsibilities include gathering and documenting...
-
GRC Information Security Analyst
2 weeks ago
London, United Kingdom hireful. Full time
Are you looking to join a global software technology company, with their main base of operations here, in the UK, as an experienced GRC Information Security Analyst? Do you have experience in the GRC Security space with audits, auditors, ISO27001, PCI DSS, SOC2, NIST & current compliance regulations? If so & you are looking to expand your information...