Senior GRC Analyst

High-Level Overview

Benevity is seeking a Senior Governance, Risk & Compliance (GRC) Analyst to elevate our security governance, risk, privacy, and regulatory posture. In this senior role, you will drive the execution, innovation, and continuous improvement of Benevity’s GRC program. You will lead compliance activities, conduct risk assessments, contribute to third-party risk management, respond to client due diligence requests, support FINTRAC/AML obligations, and influence policies and controls that strengthen trust with our clients, partners, and stakeholders.

As a trusted advisor across teams, you will help ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements while fostering a culture of security, compliance, and accountability. You’ll also mentor junior members of the team, helping to grow Benevity’s next generation of security and compliance professionals, with a focus on developing proactive and innovative approaches to GRC challenges.

What you'll do:

Governance & Policy

• Contribute to the development, maintenance, and rollout of security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation
  

Risk Management

• Lead and execute enterprise-wide risk assessments, including vendor and process-level reviews.
• Maintain and improve the risk register, track remediation activities, and support risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
  

Compliance & Audit

• Lead audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Coordinate evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to streamline audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.
  

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory, Awareness & Mentorship

• Partner with business and technical teams to embed risk and compliance into projects and initiatives.
• Deliver reporting and insights (dashboards, risk metrics, executive summaries) for leadership.
• Lead Benevity’s Security Awareness & Training program, including the design, delivery, and continuous improvement of awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
• Mentor and coach junior team members, providing guidance, feedback, and knowledge sharing to support their growth and development.

What you'll bring:

• 5+ years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or high-growth environment.
• Strong knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and CCPA/CPRA.
• Hands-on experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to manage policies, risks, audits, privacy, and vendor risk workflows.
• Proven success in conducting risk assessments, managing vendor risk/TPRM, maintaining risk registers, and driving remediation.
• Experience supporting client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to clearly communicate risk, security, privacy, and regulatory concepts to both technical and non-technical stakeholders.
• Strong organizational and project management skills with experience leading cross-functional initiatives.
• A demonstrated interest and track record in leveraging automation and AI to streamline GRC processes and enhance efficiency.
• Certifications such as CISM, CRISC, CISSP, CISA, or CIPM/CIPP are highly valued.