
Senior Security Analyst GRC

Canada

Hybrid

CAD 80,000 - 110,000

Full time

2 days ago

Job summary

A leading financial technology company in Canada is seeking a Senior Security GRC Analyst to enhance compliance practices in a cloud environment. This role involves operating compliance automation tools, leading audits for various certifications, and ensuring that internal policies are actionable and clear. The ideal candidate has 5-8 years of experience in the security domain and strong skills in stakeholder management and policy writing. Benefits include premium health coverage, generous vacation time, and a hybrid working model.

Benefits

Premium benefits plan fully paid by the company
4 weeks of vacation
Unlimited access to telemedicine
Mental health services

Qualifications

  • 5–8 years of experience in Security GRC, IT audit, internal audit, security compliance, or risk assurance.
  • Proven ability to build or mature internal audit/internal controls practices.
  • Excellent ability to write and maintain policies, standards, and processes.

Responsibilities

  • Own day-to-day and strategic operation of the compliance automation platform.
  • Lead external audits end-to-end for SOC 2, SOC 1, ISO 27001.
  • Ensure policies, standards, and processes are audit-ready.

Skills

Security GRC
IT audit
Internal audit
Compliance automation tools
Scripting/Automation (Python, PowerShell)
Stakeholder management
Attention to detail

Tools

Vanta
Drata
Anecdotes
Tugboat Logic

Job description

Join nesto — proudly named Canadian Rocketship 2025*. A Deloitte Fast 50 company evolving alongside Canada’s top tech innovators and disrupting a 2.1 trillion-dollar mortgage industry at light speed by building the mortgage ecosystem of the future.

BUILD lending technology with the best developers, AI engineers, and mortgage experts in the country. Work on a modern tech stack and a development framework designed to unlock your full potential and accelerate your career.

Why join us

  • Hypergrowth: Deloitte Fast 50 — 3 years in a row
  • Tech community credibility: TechTO Canadian Rocketship 2025*
  • Industry leadership: CLA Lending Company of the Year — 4 consecutive years
  • Talent magnet: CMP Top Mortgage Employer 2025
  • Trusted technology: powering major financial institutions across Canada
  • An entrepreneurial culture built on trust, speed, uncomfortable ambition, being stronger together, and a relentless obsession with our clients.

About the team

We’re looking for a Senior Security GRC Analyst reporting to the GRC manager. This role is ideal for someone who enjoys operational excellence, audit leadership, and building scalable compliance practices in a cloud-first company.

What you'll be doing

  • Own day-to-day and strategic operation of the compliance automation platform (Vanta), including integrations, control mappings, evidence hygiene, and continuous monitoring
  • Automate evidence collection and reporting workflows using scripts/APIs where applicable
  • Lead external audits end-to-end for SOC 2, SOC 1, ISO 27001 and future certifications (ISO 27017, ISO 27018)
  • Coordinate audit timelines, control walkthroughs, evidence requests, and stakeholder follow-ups
  • Ensure policies, standards, and processes are written in a clear, actionable, audit-ready format and remain aligned with real practices
  • Build and operate an internal audit and internal control self-assessment program (testing methodology, sampling, reporting, corrective actions)
  • Track audit findings and remediation plans, ensuring timely closure and clear accountability
  • Improve audit efficiency and reduce operational burden through repeatable frameworks and automation

Who we are looking for

  • 5–8 years of experience in Security GRC, IT audit, internal audit, security compliance, or risk assurance
  • Strong hands-on experience leading audits and certifications (SOC 2, SOC 1, ISO 27001); ISO 27017 / ISO 27018 experience is a plus
  • Proven ability to build or mature internal audit / internal controls practices
  • Strong experience with compliance automation tools (Vanta, Drata, Anecdotes, Tugboat Logic)
  • Excellent ability to write and maintain policies, standards, and processes that teams can follow
  • Strong organizational skills and attention to detail
  • Strong stakeholder management skills and ability to drive remediation to closure
  • Scripting/automation experience (Python, PowerShell, Bash, APIs, SQL) is a strong plus
  • English is required for writing and documentation. French speaking and reading is a strong plus.

The Reward

  • The A-Team: Work alongside high-performing talent in the industry.
  • Accelerated Growth: The slope of your learning curve here will be vertical. You will touch more production systems in one year than you would in five years at a bank.
  • Top-Tier Coverage: Premium benefits plan fully paid by nesto, including comprehensive insurance and unlimited access to telemedicine and mental health services for you and your family.
  • Rest & Recharge: 4 weeks of vacation to ensure you stay at peak performance.
  • Best-in-Class Tools: Access to the resources and tech you need to execute without friction.
  • Working framework: The environment that makes you productive and enables teamwork (Hybrid model).

Diversity and Inclusion

At nesto, we believe that creativity and collaboration are the result of a diverse team. We are committed to fostering a culture of diversity, equity, inclusion, and belonging, and we strongly encourage women, people of color, LGBTQIA+ individuals, and individuals with disabilities to apply. We are committed to creating a workplace that is inclusive and welcoming to all.
