GRC Analyst, Information security

Ranked a Best Employer in Canada for 25 years, Bennett Jones is one of Canada’s premier business law firms and home to 500 lawyers and business advisors. With deep experience in complex transactions and litigation matters, and offices in Calgary, Edmonton, Montréal, Toronto, Vancouver and New York, the firm is well equipped to advise businesses and investors with Canadian ventures and connect Canadian businesses and investors with opportunities around the world. Serving clients since 1922, we are proud to be the firm that businesses trust with their most complex legal matters.

GRC Analyst, Information security

The Role

The information security GRC analyst, reporting to the Director Information Security GRC, will support the implementation and maintenance of the organization’s Governance, Risk, and Compliance (GRC) program, with a strong focus on third party security compliance, security governance, and internal controls. This role will contribute to maintaining a formally structured, risk-based security framework aligned with industry standards such as ISO 27001 and ISO 22301. The position requires a minimum of three years of information security experience in a similar position and excellent communication skills.

Essential Functions

• Oversee the cybersecurity compliance program for third parties, including:
• Managing requests from clients, prospects, auditors, cyber-insurers, or others, related to our security program, to ensure a timely and accurate response to security questionnaires and associated requests.
• Managing the compliance of the Firm's key IT vendors with information security, to ensure the initial security due diligence, annual security re-certification, and continuous monitoring of the vendors' security profile.
• Assist with the performance of important internal security processes and controls, including:
• Tracking status and following up with the person responsible to ensure key internal security tasks are conducted in time and as per the annual schedule.
• Maintain security dashboards, metrics, and reports as required for the team, the IT Department and senior management.
• Making suggestions and improving existing security standards and procedures.
• Conduct security tasks as required to maintain the Firm's ISO 27001 and ISO 22301 certifications:
• Conducting limited internal security audits; Collaborate with IT and business units to remediate compliance gaps; Maintain documentation related to compliance activities, controls, and audit findings; Assist with ad-hoc security investigations; Stay current on emerging regulations, standards, and industry trends.

Qualifications

• Bachelor's degree in information technology, computer Science, cybersecurity, or related field
• Minimum three years of experience in IT compliance, risk management, or information security
• Knowledge of regulatory frameworks (e.g., ISO 27001, ISO 22301, NIST)
• Experience with security risk management processes and compliance tools
• Outstanding oral and written communication skills
• Excellent interpersonal relationship skills
• High-level of attention to detail and accuracy
• High degree of personal initiative and maturity with an ability to work with minimal supervision
• Ability to prioritize tasks effectively, respect deadlines, and report any issues or conflict in the performance of operational activities, and the planning and scheduling of tasks and projects
• Professional certifications as follows are an asset
• CISSP, CISA, CISM, CRISC
• SANS/GIAC, CompTIA Security+, CEH

Additional Details

• Compensation: $102,640-153,960 per annum
• Vacancy: This position is for an existing vacancy

Apply To

Human Resources

Bennett Jones Services Limited Partnership

3400 One First Canadian Place

P.O. Box 130

Toronto, ON M5X 1A4

E-mail: ***email_hidden***