Governance, Risk and Compliance (GRC) Analyst

At Canadian Forces Morale and Welfare Services (CFMWS), we’re more than just a workplace; we’re a proud community dedicated to supporting Canadian Armed Forces members, veterans and their families in their daily lives. We carefully curate and provide programs and services designed to meet their unique needs and enhance their mental, social, physical, financial and familial well-being. CFMWS employees deliver programs and services including recreation, sports and fitness programs, customized financial services, retail services, access to retail savings and discounts and offers family support and organizes charity events.

Our success stems from living our values. Our employees care about their role in supporting Canadian Armed Forces members, veterans and their families and act with integrity in all they do. Thriving in our close-knit environment, we act as one team with one mission. We constantly seek new ideas and creative ways to deliver the best possible programs and services.

As an employer, we offer a commitment to your health, wellness and growth. We provide a diverse range of roles across many locations and a career where you can make a meaningful impact.

As a Cyber Security Governance, Risk and Compliance (GRC) Analyst, you ensure that the organization’s information systems are protected by completing technical control reviews and reporting on compliance. You will help maintain the highest standards of cyber security and regulatory compliance. You perform information risk assessments and provide guidance on industry best practices and alignment to standard cybersecurity frameworks. (ISO, NIST) You monitor and measure overall information security practices across the different technologies and processes. You will work with the team to update and design new information security policies. The Cyber Security GRC Analyst improves information security through security awareness programs, policies, guidelines and standards, as well as through the ongoing integration of information security within business strategies. If you are passionate about technology and want to be part of a team who is becoming the orchestrator of digital innovation, this is the opportunity for you.

Education, Certifications and Licenses

College diploma or certificate in Computer Science, Computer Systems Engineering or a related field.

Certified Information System Security Professional (CISSP) certification, Certified Information Systems Auditor (CISA), or equivalent certification, an asset.

Experience

Minimum 2 years of previous experience as senior GRC and/or audit role. Experience in the IT field is not mandatory but highly desirable.

Enhanced reliability security clearance.

Develop, implement, and monitor cyber security protocols, policies, and procedures.

Monitor compliance with applicable laws, regulations, and internal policies.

Provide advice and guidance to the business on cyber security and compliance matters.

Ensure the accuracy of cyber security and other regulatory reports.

Lead investigations into potential cyber security and compliance issues (PCI) Develop and maintain a comprehensive risk register.

Create and update technical documentation.

Perform comprehensive risk assessments.

Perform comprehensive solution security assessments.

Write security policies, standards, and directives.

Weigh in on business risks and suggest appropriate information security measures.

Competencies, Skills and Abilities

Client focus, organizational knowledge, communication, innovation, teamwork and leadership.

Self-starter who does not require lots of oversight and has a get-it-done attitude.

Ability to quickly pivot and change plan as required.

English or French Essential, Bilingual (English and French) an asset

Reading: Functional

Writing: Functional

Oral: Functional

Health Benefits: Drug coverage, healthcare spending account, virtual care (telemedicine), Employee and Family Assistance Program, mental health support, travel insurance, dental, vision, life insurance and disability insurance.

Work Life Balance: Flexible work options and a wide range of paid/unpaid leave, including paid vacation, family related leave and personal days.

Retirement Planning: Group Savings Plans.

Learning and Development: Payment of professional association memberships, online learning opportunities including a LinkedIn Learning subscription and second language training.

Perks: Discounts through CF One Member Appreciation.

Explore all the benefits CFMWS offers by visiting: https://cfmws.ca/Benefits

This is a hybrid position with an assigned work location allowing the employee to work partly from a corporate office and partly from a home office in accordance with the CFMWS Flexible Work Options Policy, and with approval from the direct manager.

This position is a one-year term.

The selection process will be done virtually.

You may be eligible to receive a Scarce Skills Premium for this position as outlined in the attached IT Scarce Skills Compensation Agreement.

As soon as possible

CFMWS is committed to providing an inclusive, equitable and accessible environment, where all employees feel valued, respected and supported. We welcome applications from all qualified candidates who can help us build a workforce that reflects the diversity of Canadian society. If contacted in relation to a job opportunity or assessment, you should advise the recruitment team in a timely fashion of the accommodation measures which must be taken to enable you to be assessed in a fair and equitable manner. Information received relating to accommodation measures will be addressed confidentially.