Sr. IT Risk Compliance Analyst

Why you’ll love working here :

high-performance, people-focused culture

our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves

membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security

competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, and newly extended maternity / parental leave top of 26 weeks)

optional post-retirement health and dental benefits subsidized at 50%

yoga classes, meditation workshops, nutritional consultations, and wellness seminars

access to an annual wellness reimbursement program for health and wellness-related expenses for permanent and temporary employees

the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers

This posting is intended to attract candidates for multiple roles within our IT Governance, Risk, and Compliance team. If you are passionate about IT risk management and compliance and meet the qualifications, we encourage you to apply!

The Sr. IT Risk and Compliance Analyst plays an integral role within the IT Governance, Risk and Compliance (GRC) team of HOOPP’s Project Management Office and Governance ( PMO & Governance ).

PMO & Governance is one of six groups within the Information Technology Division of HOOPP.

The role is in a team of IT GRC professionals which report to the Senior Manager, Technology Governance, Risk & Compliance.

The Sr. IT Risk and Compliance Analyst is a leader in IT risk management and governance for the organization by delivering, optimizing, and maintaining HOOPP’s IT Risk Program.

The Sr. IT Risk & Compliance Analyst is responsible for working with IT teams in the effective management of technology risk to maximize value for HOOPP.

A primary goal of this role is to provide exceptional IT risk management and governance support, optimize HOOPP’s IT risk management and governance processes, and to foster, advocate for, and strengthen HOOPP’s IT risk culture.

The key activities that the Sr. IT Risk & Compliance Analyst is expected to support include risk reporting (KRIs & KPIs), risk assessments, monitoring and co-ordination risk related activities, policy and standards review, compliance checks, promoting risk awareness and refining the IT risk program.

This role requires both knowledge and leadership skills to understand HOOPP’s business and IT needs for effective risk management and working closely with various stakeholders across the IT teams and other stakeholders such as Enterprise Risk, Internal Audit, and business teams to maintain and strengthen the value proposition of IT GRC across the organization.

What you will do :

Connect with IT teams to understand their business processes, how they manage risks, and respond / advise on their risks and concerns.

Develop and update IT Governance documents including policies, standards, procedures, and guidelines in support of HOOPP's GRC practices.

Perform risk assessments for existing processes and new IT initiatives.

Assist in defining and maintaining IT Risk metrics and dashboards.

Design controls in partnership with IT teams to address risks.

Drive compliance related initiatives including the performance of gap assessments for new and existing policies and standards.

Promote risk awareness and culture.

Provide regular status updates ensuring stakeholders are aware of progress and roadblocks.

Maintain a thorough understanding of technology and GRC practices to assist with IT risk management in a rapidly changing IT environment.

Handle Ad-hoc requests or inquiries related to Risk and Control initiatives and function.

What you will bring :

Over 7 years of experience in IT Governance, IT Risk & Compliance, and IT Audit.

Bachelor’s degree in Business, Computer Science, Information System, Engineering, or equivalent experience

Experience in developing and / or reviewing IT Governance documents such as policies, standards, and procedures.

Experience with control and risk frameworks, performing compliance and risk assessments, designing controls, and overseeing mitigation projects.

Experience in developing and reporting performance and risk metrics, such as KPIs, KRIs, SLA’s, OKR reporting and dashboards for executive leadership teams.

Understanding of risk methodologies, frameworks, and practices (ISO standards, COBIT, CIS, COSO, NIST, etc.)

Good verbal and written communication skills, especially communicating across all levels and cross functional teams.

Technical knowledge of technology platforms (Operating systems and Databases).

Experience in the Financial Services Industry is an asset.

Knowledge of public cloud infrastructure (Azure and Amazon Web Services) is an asset.

Experience working in an agile environment (software development, infrastructure, and shared services)

Experience with ServiceNow GRC platform is preferred.

Preference given to candidates with one or more industry certifications such as CRISC, CISA, CISM, CGEIT, CISSP etc.

Independent and results oriented

Collaborative, independent, and forward thinking

Pays attention to detail

A team player with excellent interpersonal skills (loyal, empathetic, caring)

Have sound judgement. Ability to balance efficiency in delivery’ vs. standards / processes’

A confident decision-maker

Able to influence in a matrix

A strong communicator (both written and oral)

Have superior analytical and issue resolution skills

A high level of initiative and professionalism

A willingness to multi-task and be flexible to take on varied responsibilities

Takes ownership of tasks and drives initiatives through to completion

Calm and patient under pressure. Thrive in a changing, dynamic environment

Able to see the big picture while paying attention to important details