IT Infrastructure Services 2 - Governance, Risk & Compliance

Security Analyst – Governance, Risk & Compliance (GRC) provides Tier-2 operational support within the Information Risk Management team, focusing on cybersecurity governance, risk, and compliance activities. This role helps respond to General Service Requests (GSRs) and security incidents, ensuring accurate documentation and appropriate follow-up. Key responsibilities include tracking and organizing security-related tickets, assisting with compliance reporting, and supporting security policy exception processes by logging requests, gathering details, and ensuring follow-ups. The analyst contributes to third-party security reviews by helping collect and review vendor security information, identifying security-related documentation gaps, and supporting internal teams with compliance questions. This role also involves participating in audit and compliance support efforts, ensuring that security controls align with NIST Cybersecurity Framework (CSF) principles. The analyst will assist in process improvements, governance documentation updates, and stakeholder collaboration efforts while developing foundational cybersecurity knowledge.

GRC Daily Operations: Assist in responding to General Service Requests (GSRs) and security incidents by documenting and tracking issues. Support the team in reviewing and distributing security-related tickets. Help categorize and escalate security incidents following NIST CSF guidelines. Maintain records of security-related activities, ensuring accuracy for reporting purposes.

Compliance & Risk Support: Assist in processing security policy exceptions, ensuring requests are documented and compliance follow-ups occur. Support third-party security reviews by collecting vendor security information, identifying missing documentation, and initiating yearly compliance attestation where required. Help track audit-related security findings and follow up on outstanding tasks as directed. Contribute to compliance-related documentation, ensuring security activities align with NIST CSF requirements.

Process Improvement & Governance Documentation: Assist in updating security policies, standards, and guidelines under the direction of senior team members. Support efforts to improve workflows related to security compliance and risk tracking. Help organize and maintain governance documentation, ensuring accessibility and accuracy.

Collaboration & Security Awareness Support: Work with internal teams to gather information for security compliance and risk-related tasks. Contribute to security awareness efforts by assisting with basic research and content preparation. Participate in meetings with internal stakeholders to support cybersecurity-related discussions.

• Acute Care Alberta:
• Primary Care Alberta:
• Recovery Alberta:
• Classification: IT Infrastructure Services 2
• Union: Exempt
• Unit and Program: Information Risk Management
• Primary Location: CN Tower
• Location Details: Eligible to work hybrid (on/off site) within Alberta
• Negotiable Location: Provincial
• Employee Class: Regular Full Time
• FTE: 1.00
• Posting End Date: 23-MAY-2025
• Date Available: 09-JUN-2025
• Hours per Shift: 7.75
• Length of Shift in weeks: 2
• Shifts per cycle: 10
• Shift Pattern: Days
• Days Off: Saturday/Sunday
• Minimum Salary: $25.02
• Maximum Salary: $41.71
• Vehicle Requirement: Not Applicable

Degree/Diploma in Information Technology or equivalent education and experience in lieu.

Knowledge and/or experience of industry best practices for IT risk management. Understanding of IT process management and improvement. Understanding of the Healthcare IT sector.

Knowledge and/or experience of industry best practices for IT risk management. Understanding of IT process management and improvement. Understanding of the Healthcare IT sector.