
Senior Technology Governance, Risk, and Compliance Analyst

SNDL

Edmonton

On-site

CAD 80,000 - 100,000

Full time

Today

Job summary

A leading retail company in Canada is seeking a Senior Technology Governance Risk and Compliance Analyst. This role requires 3 to 5 years of experience in compliance and risk management, focusing on Sarbanes-Oxley. Responsibilities include ensuring adherence to regulatory standards and conducting risk assessments. The ideal candidate will have a Bachelor's degree in a related field and relevant certifications. Competitive compensation and benefits are included.

Benefits

Competitive total compensation
Extended benefits package including medical and dental
Entrepreneurial and innovative environment

Qualifications

  • 3 to 5 years of experience in Internal Controls, IT Compliance, IT Audit, Technology risk or Information Security.
  • Relevant certifications such as CISA, CISSP, CRISC, PCI, CISM or CGEIT are preferred.
  • Strong analytical problem‑solving ability is essential.

Responsibilities

  • Review processes to meet legal and regulatory standards.
  • Lead internal stakeholder education pertaining to control policies.
  • Conduct risk assessments and recommend compliance solutions.

Skills

ISO 27001
Operational Risk Management
Risk Management
FedRAMP
PCI
Risk Analysis
Visio
COBIT
NIST Standards
SOX
Information Security
ISO 27002

Education

Bachelor's degree in Computer Science, Business Information Systems, Accounting, Information Technology or related field

Tools

ERP systems (Microsoft D365 and/or Business Central)
GRC/audit tool
SharePoint

Job description

Work Location: Edmonton Corporate Office

About SNDL

SNDL is the largest private sector liquor and cannabis retailer in Canada with retail banners that include Ace Liquor, Wine and Beyond Liquor Depot, Value Buds and Spiritleaf. As a licensed cannabis producer, SNDL also has indoor state‑of‑the‑art grow‑op facilities to supply wholesale and retail customers under a cannabis brand portfolio that includes Top Leaf, Sundial, Palmetto, Spiritleaf, Selects and Grasslands. SNDL's investment portfolio seeks to deploy strategic capital through direct and indirect investments and partnerships throughout the global cannabis industry.

About the Role

SNDL is seeking an experienced Senior Technology Governance Risk and Compliance (GRC) Analyst to support the organization’s Business Technology (BT) compliance and risk management initiatives with a strong emphasis on Sarbanes‑Oxley (SOX). This role is ideal for compliance professionals with 3 to 5 years of experience who are looking to deepen their expertise in a regulated environment while contributing to the development and execution of enterprise‑wide IT GRC programs.

The successful candidate will work closely with stakeholders across BT, Finance, HR, Internal Audit and other related business units to help safeguard the organization’s information assets while ensuring a consistent adherence to regulatory standards.

Primary Responsibilities

  • Review and ensure that the organization’s processes, policies and procedures meet legal and regulatory standards such as PCI DSS and Sarbanes‑Oxley (SOX).
  • Lead internal stakeholder education and communication initiatives pertaining to internal control policies.
  • Interpret compliance guidelines to ensure that SNDL BT systems and technologies are both secure and optimized for compliance.
  • Serve as a point of contact for BT‑related audits including external (PCI DSS, SOX, etc.) as well as applicable internal audits.
  • Prepare evidence required for audits; thereafter track related findings and manage the remediation of any issues identified.
  • Collaborate with various departments to identify and resolve compliance issues.
  • Conduct risk assessments, monitor compliance issues and recommend solutions to maintain compliance.
  • Assist with developing BT policies and procedures.
  • Assess and report on the design and operating effectiveness of entity controls (ITGCs, application controls and business process controls).
  • Maintain accurate program documentation from scoping and control documentation to testing evidence and risk assessment.
  • Promote a culture of compliance and risk awareness across corporate and business segment teams.
  • Other duties as assigned by BT GRC management.

Requirements

  • Bachelor's degree in Computer Science, Business Information Systems, Accounting, Information Technology or a related field.
  • 3 to 5 years of experience in Internal Controls, IT Compliance, IT Audit, Technology risk or Information Security for a mid‑ to large‑sized organization.
  • Relevant certifications such as CISA, CISSP, CRISC, PCI, CISM and/or CGEIT are preferred.
  • Technical knowledge of IT GRC best practices, frameworks and regulatory requirements and laws (e.g. COBIT, COSO, SOC 2, PCI DSS, SOX, ITIL, NIST, ISO).
  • Experience in conducting risk assessments and monitoring compliance issues.
  • Strong analytical problem‑solving ability with an aptitude for connecting the dots across the technology and compliance domains.
  • Effective communication skills with the ability to present ideas to technical as well as non‑technical audiences.
  • Ability to work independently and collaboratively in a fast‑paced environment.
  • Strong process improvement mindset with a keen attention to detail.
  • Good knowledge of ERP systems (Microsoft D365 and/or Business Central) and collaboration platforms such as SharePoint. Experience using a GRC/audit tool is a bonus.
  • Curious, enthusiastic and possessing a strong passion for technology.

As a valued member of the SNDL team you will enjoy:

  • Competitive total compensation and incentives.
  • An extended benefits package including medical, health spending account and dental.
  • An entrepreneurial and innovative environment that fosters growth and continuous learning.

We are grateful for the interest in this role from all candidates; however, we will be contacting only those that are selected for next steps in the hiring process.

Our Commitment to Diversity & Inclusion

SNDL is an equal‑opportunity employer. We are committed to building a welcoming, inclusive, diverse and safe workplace where all our team members have equal opportunity to succeed. We know this begins with recruitment. To honor our commitment, SNDL encourages applications from individuals from all backgrounds, sexual orientation, gender identity, ancestry, ages and abilities.

Required Experience: Senior IC

Employment Type – Full‑Time

Vacancy – 1
