Senior Analyst - IT Governance, Risk and Compliance

Enercare Inc. is one of Canada’s largest home and commercial services companies, providing leading products and services in heating, cooling, plumbing, electrical, water heating and water purification.

Our purpose is to provide energy-efficient products and services to our customers, so together we can take action for a greener tomorrow, starting in our homes and buildings.

We are a company that believes strongly in the health, safety and wellness of our people. Enercare is a place where careers are made.

We take pride in caring for and continually striving to make a positive impact in the communities we operate in. In our values and our ambitions, we embrace change, and support our team members along the way.

Nationally, Enercare Inc. operates under several brands including Enercare, Service Experts, HydroSolution, Pioneer Plumbing & Heating, and Syles Mechanical Services, servicing Canadians in Ontario, Manitoba, Saskatchewan, Alberta, British Columbia, Quebec and New Brunswick.

We are united through our joint commitment to excellent customer service to the Canadians we service every day, and our mission to contribute to a resilient, sustainable future.

Enercare Inc. Is wholly owned by Brookfield Infrastructure Partners LP ( Brookfield ), a global leader in the management of alternative assets across real estate, infrastructure, renewable power, and private equity.

Summary :

The Senior Analyst IT Governance, Risk and Compliance (IT GRC) will manage activities within Canada and US, as part of the IT GRC team, and report directly to the Director, IT GRC.

The person will be instrumental in collaborating across IT, business, and internal / external audit teams especially for the compliance process.

A great fit for this role is someone with working experience in the field and who has assisted in planning, testing, execution and reporting on IT Governance, Risk and Compliance, especially processes and controls for Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standards (DSS) and / or compliance programs.

Responsibilities : IT Governance

IT Governance

• Responsible for, where required, writing, or advising on IT Policies, Standards, Guidelines, Procedures, Plans, Playbooks & Standard Operating Procedures (SOPs) and ensure alignment to industry standards, best practices, regulatory requirements, IT enterprise policy framework & management requirements.
• Ensuring policies are reviewed on schedule & communicated to all relevant parties in compliance with processes and at times could include reviewing and contributing to non-IT owned policies.
• Ensure that IT procedures, controls and documentation are sufficient across IT, provide advice on gaps and support or guide teams in filling those gaps.
• Responsible for performing gap analysis of IT governance and remediating gaps or working with department management to remediate gaps.
• Supporting the Data Governance program and records information management programs

IT Risk Management

• Performing all aspects of an IT risk management program. This includes assessing risk (to industry frameworks and in line with Enterprise risk tolerance and appetite), documenting technical details as well as documenting risk in a way that is easily understood by non-technical people.
• Reviewing & assessing management responses, ensuring that risks are sufficiently mitigated, and documenting justification and reasoning.
• Performing risk assessments of vendors that the Company works with and providing advice on any iterative improvements to that process.
• Facilitating periodic risk review sessions with IT leadership, performing assessments and to ensure consistent patterns of risk management processes across the Company.
• Manage the third-party risk management process for external vendors.

IT Compliance

• Assist with the IT Compliance programs (e.g., SOX, PCI DSS) including planning, testing, execution, monitoring and reporting of new and existing processes and controls.
• Participate in annual and ongoing IT Compliance (e.g., SOX) scoping to identify any changes to the systems, applications, and automated controls considered to be in-scope for the current fiscal year.
• Manage IT Compliance readiness, such as control identification and testing for new systems, applications, and automated controls.
• Lead IT General Control (ITGC), and application control (ITAC) (as applicable), walkthroughs for new or complex processes and systems
• Develop, update and / or review IT process documentation for accuracy, completeness and relevance and update as necessary.
• Coordinate IT SOX program testing for ITGC, and ITAC (as applicable) with co-sourced internal audit IT team members, external audit IT team members, control owners, managers and executive management.
• Evaluate IT control deficiencies for impact and perform root cause analysis to determine appropriate management actions.
• Monitor management’s remediation efforts to closure, including review of supporting evidence.
• Provide regular IT Compliance program status reporting to the IT team, Internal Audit and Senior IT management (as needed)
• Assisting with benchmarking and other initiatives to improve controls, make processes more efficient, effective, and / or reduce cycle time for IT SOX and PCI DSS compliance.
• Work closely with cross-functional teams including IT Operations, Accounting / Finance, and Internal / External Audit.
• Collaborate with internal and external auditors to ensure IT SOX and other compliance program requirements are being met.
• Ensure new software programs meet compliance requirements before they are made operational.
• Support and manage detailed testing of controls to ensure risks are appropriately identified, associated audit procedures are applied, and related controls are designed and operating to mitigate the identified risks.
• Training of IT GRC to the IT and Business teams.
• Build trust and positive working relationships with auditors, business stakeholders, IT teams, and senior management to ensure alignment between IT strategy and business objectives.
• Collaborating with Project, IT development and operations teams to identify, collect and optimize IT resources to meet business requirements.

Qualifications :

Bachelor’s degree or higher, preferably in Information Technology (IT), Information Security, Computer Science or other technical discipline;

Finance / Accounting is acceptable.

5+ years of progressive experience in IT Governance, Risk Management, Compliance and / or Audit (e.g., Operations, Financial, IT);

Project management experience is desired.

• Designations and Certifications in one or more of the following areas : CPA (CA, CMA, CGA), CISA, GRCP, CGRC, CIA is preferred
• CISSP, GIAC, CGEIT, CRISC, CISM, CDPSE, ISO 27001 are an asset.
• Demonstrate previous success working with IT GRC programs.
• Advanced knowledge and experience with SOX, PCI DSS and related industry standards / frameworks is required.
• Knowledge of CIS, ISO 27001, COBIT, NIST and related industry standards / frameworks is preferred.
• Possess strong communication and collaboration skills, to provide solutions and translate in both technical and non-technical manners.
• Illustrated ability to deliver projects on time and within budget in fast moving environment and competence in managing several projects.
• Prior experience in large professional services, consulting, and audit companies, including Big 4 firms, is strongly desired.
• Experience in supporting compliance with applicable privacy laws, is an asset.

Enercare is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, national origin, religion, sex, age, sexual orientation, gender identity, citizenship, marital status, disability, pregnancy, military status, protected veteran status or other characteristics protected by applicable law.

Enercare’s recruitment process includes accommodation for applicants with disabilities in accordance with applicable provincial accessibility laws and regulations.

All accommodations will take into account the applicant’s accessibility needs due to disability and are available upon request.