IT Business Analyst - GRC

Location: Toronto – hybrid – onsite 4x/week

Contract Duration: 6 months

Possibility of extension & conversion to FTE

Number of Positions: 1

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week (Possible OT)

Reason: Additional workload

Business group: IT Risk

The IT Risk Governance and oversight group supports standards, processes, methodologies for technology and cybersecurity risks.

We need an experienced Governance, Risk and Controls professional to support with the IRM ServiceNow work contracted through an external vendor. This person will help with all requirements collection, stakeholder workshops, specific settings to Technology Issues workflow, as part of Technology Governance, Risk and Oversight team. Responsible for tracking and reporting software currency remediation.

The project will implement Integrated Risk Management (IRM) for technology risk. The team requires IRM ServiceNow GRC tool.

The successful candidate will have the opportunity to work on an extensive project and contribute to the steady state of the new GRC tool that is to be implemented. The successful candidate will have the opportunity to be converted to FTE depending on performance.

• Identify the stakeholders involved in Issue lifecycle.
• Collaborate with the vendor to ensure complete inventory of foundational elements
• Collects all data elements necessary to describe the issue.
• Develop and collect requirements through workshops
• Collaborate and influence across the organization to help build awareness and ensure common adoption of Issues Management practice across Technology to drive forward a common enterprise-wide approach.
• Directly support the IT Risk Governance and Controls Director, to collaboratively:
  • Collect and analyze requirements for the initial configuration of GRC tool
  • Work directly with the vendor to establish what good looks like to implement the Issues Management workflow for Technology Risk issues
  • help improve the Issues Management Practice, functioning as a Centre of Excellence
  • contribute with requirements to the Issues Management reporting and monitoring process
• Support the IT Risk Governance and Controls Director with research and industry practices on Technology Issues Management contributing with counsel and direction on strategic decisions related to enhancements, new metrics, and indicators.

1. 10+ years of experience with risk and compliance and issues management (governance, risk and controls)
2. 5+ years of experience with GRC tools, exposure to issues management lifecycle
3. 5+ years of experience with JIRA/CONFLUENCE
4. 3+ years of experience with project management
5. 1+ years of experience with technology risk and compliance

1. Strong proficiency with PowerPoint
2. SQL experience
3. Dashboarding skills (PowerBI, Tableau)
4. CRISC ISACA certification

• Strong communication and influencing capability
• Well-developed analytical competencies
• Ability to balance competing or conflicting goals of various departments and stakeholders with a mature, diplomatic approach and highly developed negotiation and influencing skills
• Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through implementation of strategies and programs

Bachelor’s degree

The ideal candidate would have strong experience with technology risk management. The manager is not looking for credit risk experience, but rather technology related risk management.

1 round (possible 2nd round)

HM – in-person preferred otherwise MS Teams Video – 1 hr (behavioural & Situational)

Hiring Manager’s availability to interview: ASAP