GRC Security Analyst

Posting End Date:
May 04, 2025

Employee Type:
Regular-Full time

Union/Non:
This is a non-union position

We are seeking a GRC Security Analyst to join our diverse team. The primary responsibilities include collaborating with vendor partners to perform Threat & Risk Assessments (TRA) for new technologies entering service, ensuring quality and timeliness. Read on!

We offer growth opportunities, competitive benefits and pension plans, and generous time off. Apply today—we'd love to hear from you! #joinourteam

Note: Internally, this role is referred to as Analyst I TIS Security

1. Coordinate Cyber TRA work to ensure quality and value-added outputs are delivered promptly.
2. Identify areas for TRA process improvements to enhance the company's cybersecurity posture and customer satisfaction.
3. Configure and maintain governance, risk, and compliance capabilities within the team's GRC application.
4. Collect TRA metrics, ensure data accuracy, and report on the Cybersecurity Governance Program, including controls and exception reporting.
5. Update and monitor policy and standard changes driven by external requirements.
6. Stay informed on cybersecurity frameworks and best practices such as NIST, ISO 27001, ISO 27002, SOX controls, SOC reporting, and current cyber-attack vectors to secure assets/data/applications.

1. Follow Enterprise Risk Management processes for identifying, ranking, and tracking technology and cyber risks, escalating as needed.
2. Collaborate with Business Solutions to ensure risks are properly prioritized and reviewed before processing exceptions.
3. Regularly track TRAs and risks to ensure timely management and minimal overdue items.

1. Support governance, risk, and compliance activities, including internal audits, SOX, and policy adherence, engaging with CISO as needed.
2. Contribute to establishing consistent monitoring, gap remediation, and continuous process improvement approaches.

1. Engage with control owners and subject matter experts to promote value and compliance, acting as the point of contact for cybersecurity assurance and risk activities at the business unit level.

1. Possess a relevant university degree (Computer Science, Engineering, Audit, Business, or related) with limited experience, or a two-year technical diploma with some work experience in information security, IT governance, compliance, cybersecurity, audit, or risk management.
2. Capable of managing multiple initiatives and conflicting priorities.
3. Disciplined and professional, especially regarding confidential information.
4. Understanding of compliance and quality assurance roles.
5. Effective communicator with strong technical and business writing, documentation, and presentation skills.

Enbridge offers flexible workplace programs, including hybrid work models with options for variable schedules, compressed workweeks, or remote work on Wednesdays and Fridays, depending on role requirements. #LI-Hybrid

We are committed to inclusion and equal opportunity. We welcome applicants regardless of age, race, color, national or ethnic origin, religion, sex, sexual orientation, gender identity or expression, marital status, family status, veteran status, Indigenous status, disability, or other protected categories. Accessible formats and communication supports are available upon request at careers@enbridge.com.

• Applications are accepted only through our online system.
• Only shortlisted candidates will be contacted for interviews.
• Final candidates may undergo security screening, including a criminal background check.

Learn more about us at www.enbridge.com.