Senior Analyst – IT Governance, Risk and Compliance

1 month ago


Markham Ontario IP, CA Enercare Full time
Markham, ON, Canada Req #2497

Proudly Canadian-owned, Enercare is committed to providing the best services, solutions and advice to make customers’ homes as comfortable as they can be. With Enercare Advantage, we provide affordable clean air and water solutions for homes and workplaces. We are committed to operating in an environmentally responsible way, including keeping as much waste out of landfills as possible, and giving back to the communities where we live and work. Enercare is about putting people first by listening to our customers, continuous improvement and making our organization a destination for building people’s careers.

Come and join one of North America's largest home and commercial services and energy solutions companies. We offer comprehensive benefits, a DC Pension Plan and savings match plan. If you are passionate about joining an organization committed to delivering 5 Star Customer Service, we would love to hear from you.

Enercare has embraced a hybrid work environment for the time being as we try different options and technologies to determine what will work best for the future of our people and our organization. Join us with an open mind on the future of work.

Role: Senior Analyst – IT Governance, Risk and Compliance

Status: Regular, Full-Time

Department: Information Technology

Reports: Director, IT Governance, Risk and Compliance

Location: Hybrid - Markham

Summary:

The Senior Analyst – IT Governance, Risk and Compliance (IT GRC) will manage activities within Canada and US, as part of the IT GRC team, and report directly to the Director, IT GRC. The person will be instrumental in collaborating across IT, business, and internal / external audit teams especially for the compliance process.

A great fit for this role is someone with working experience in the field and who has assisted in planning, testing, execution and reporting on IT Governance, Risk and Compliance, especially processes and controls for Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standards (DSS) and/or compliance programs.

Responsibilities:

IT Governance

  • Responsible for, where required, writing or advising on IT Policies, Standards, Guidelines, Procedures, Plans, Playbooks & Standard Operating Procedures (SOPs), and ensuring alignment to industry standards, best practices, regulatory requirements, IT enterprise policy framework & management requirements.
  • Ensuring policies are reviewed on schedule & communicated to all relevant parties in compliance with processes and at times could include reviewing and contributing to non-IT owned policies.
  • Ensure that IT procedures, controls and documentation are sufficient across IT, provide advice on gaps and support or guide teams in filling those gaps.
  • Responsible for performing gap analysis of IT governance and remediating gaps or working with department management to remediate gaps.
  • Supporting the Data Governance program and records information management programs.
  • Performing all aspects of an IT risk management program. This includes assessing risk (to industry frameworks and in line with Enterprise risk tolerance and appetite), documenting technical details as well as documenting risk in a way that is easily understood by non-technical people.
  • Reviewing & assessing management responses, ensuring that risks are sufficiently mitigated, and documenting justification and reasoning.
  • Performing risk assessments of vendors that the Company works with and providing advice on any iterative improvements to that process.
  • Facilitating periodic risk review sessions with IT leadership, performing assessments, and ensuring consistent patterns of risk management processes across the Company.
  • Manage the third-party risk management process for external vendors.

IT Compliance

  • Assist with the IT Compliance programs (e.g., SOX, PCI DSS) including planning, testing, execution, monitoring and reporting of new and existing processes and controls.
  • Participate in annual and ongoing IT Compliance (e.g., SOX) scoping to identify any changes to the systems, applications, and automated controls considered to be in-scope for the current fiscal year.
  • Manage IT Compliance readiness, such as control identification and testing for new systems, applications, and automated controls.
  • Lead IT General Control (ITGC) and application control (ITAC) (as applicable) walkthroughs for new or complex processes and systems.
  • Develop, update and/or review IT process documentation for accuracy, completeness and relevance and update as necessary.
  • Coordinate IT SOX program testing for ITGC, and ITAC (as applicable) with co-sourced internal audit IT team members, external audit IT team members, control owners, managers and executive management.
  • Evaluate IT control deficiencies for impact and perform root cause analysis to determine appropriate management actions.
  • Monitor management’s remediation efforts to closure, including review of supporting evidence.
  • Provide regular IT Compliance program status reporting to the IT team, Internal Audit and Senior IT management (as needed).
  • Assisting with benchmarking and other initiatives to improve controls, make processes more efficient, effective, and/or reduce cycle time for IT SOX and PCI DSS compliance.
  • Work closely with cross-functional teams including IT Operations, Accounting/Finance, and Internal/External Audit.
  • Collaborate with internal and external auditors to ensure IT SOX and other compliance program requirements are being met.
  • Ensure new software programs meet compliance requirements before they are made operational.
  • Support and manage detailed testing of controls to ensure risks are appropriately identified, associated audit procedures are applied, and related controls are designed and operating to mitigate the identified risks.
  • Provide IT GRC training to the IT and Business teams.
  • Build trust and positive working relationships with auditors, business stakeholders, IT teams, and senior management to ensure alignment between IT strategy and business objectives.
  • Collaborating with Project, IT development and operations teams to identify, collect and optimize IT resources to meet business requirements.

Qualifications:

  • Bachelor’s degree or higher, preferably in Information Technology (IT), Information Security, Computer Science or other technical discipline; Finance/Accounting is acceptable.
  • 5+ years of progressive experience in IT Governance, Risk Management, Compliance and/or Audit (e.g., Operations, Financial, IT); Project management experience is desired.
  • Designations and Certifications in one or more of the following areas are preferred: CPA (CA, CMA, CGA), CISA, GRCP, CGRC, CIA.
  • CISSP, GIAC, CGEIT, CRISC, CISM, CDPSE, ISO 27001 are an asset.
  • Demonstrate previous success working with IT GRC programs.
  • Advanced knowledge and experience with SOX, PCI DSS and related industry standards/frameworks is required.
  • Knowledge of CIS, ISO 27001, COBIT, NIST and related industry standards/frameworks is preferred.
  • Possess strong communication and collaboration skills to provide solutions and explain them in both technical and non-technical terms.
  • Demonstrated ability to deliver projects on time and within budget in a fast-moving environment, and competence in managing several projects.
  • Prior experience in large professional services, consulting, and audit companies, including Big 4 firms, is strongly desired.
  • Experience in supporting compliance with applicable privacy laws is an asset.

Enercare is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, national origin, religion, sex, age, sexual orientation, gender identity, citizenship, marital status, disability, pregnancy, military status, protected veteran status or other characteristics protected by applicable law. Enercare’s recruitment process includes accommodation for applicants with disabilities in accordance with applicable provincial accessibility laws and regulations. All accommodations will take into account the applicant’s accessibility needs due to disability and are available upon request.
