Auditor/analyst, IT Governance Risk and Compliance

**About Vancity**

Vancity is a member-owned credit union built on the principles of inclusion and social justice. A relentless commitment to their values has helped them challenge the status quo and break down barriers since day one in 1946. They have bold commitments to make Vancity net-zero by 2040 across all mortgages and loans and are pursuing strategies on Indigenous banking and to improve the financial resilience of their members.

**About the workplace**

This is a permanent, full-time role that will enjoy hybrid working arrangements which can be fulfilled primarily from the Vancity head office location and your Lower Mainland based home office. This role may require you to work on-site at least once a week.

Join our IT Governance, Risk, and Compliance (IT-GRC) team as an Auditor and Analyst. This role be ensuring our internal information security and system controls are top-notch, and performing Third-Party Risk Management (TPRM) and vendor risk assessments as part of our IT-TPRM initiative. You will work closely with internal stakeholders and vendors to ensure that security and compliance risks are identified, assessed, and managed effectively in line with internal policies, regulatory requirements, and industry best practices.

**A typical day would involve**:

- Develop internal controls and test procedures to audit the related processes to ensure the operating effectiveness of these controls.
- Conducting third-party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation, engaging with internal stakeholders to understand business requirements, and identifying security and compliance gaps.
- Maintaining and improving third-party risk management processes, tools, and workflows to streamline risk assessments, audit procedures, and reporting.
- Working with procurement, vendor management, legal, and other business teams to perform due diligence on new vendors, and ensure security and compliance requirements are met before onboarding.
- Evaluating third-party security incidents or breaches, or vulnerabilities, and coordinating investigation efforts with internal teams and vendors

**You have**:

- Bachelor’s in Information Technology, Risk Management, Business, or a related field
- 2 -5 years of related experience in IT Governance, Risk, and Compliance (GRC), Third-Party Risk Management, or Information Security
- A solid understanding of relevant cyber security standards and frameworks such as NIST, ISO 27001, AICPA SOC reports, OSFI, PIPEDA.
- Prior working knowledge in reviewing SOC1, SOC2 and ISO 27001 reports and attestations.
- Experience reviewing vendor security controls, evaluating compliance artifacts, and analyzing security risks.
- Strong attention to detail and analytical thinking to identify vendor security risks and assist in remediation tracking.
- Excellent communication and stakeholder management skills to engage with vendors and internal teams.
- A proactive mindset with the ability to work independently and manage multiple priorities in a fast-paced environment.

**Bonus point(s)**:

- Experience in IT, Audit, Risk Management, Information Security, or a combination of these
- Information Security related certifications and training such as CISA, CRISC, and CISM
- An undergraduate degree (preferably in Cyber Security, Computer Science, Engineering, or highly related field)

**You are**:

- **Detail-Oriented**: You have a sharp eye for identifying security gaps and areas of
- improvement in vendor security practices.
- **Analytical**: You can balance business needs with risk considerations and provide pragmatic recommendations.
- **Proactive & Adaptable**: You anticipate challenges and take action to address them before they escalate.
- **Collaborative**: You work effectively with cross-functional teams, including Procurement, Legal, and IT Security.
- **A Clear Communicator**: You can translate technical risk concepts into business-friendly
- language for stakeholders.
- **Driven by Continuous Improvement**: You are always looking for ways to refine processes and enhance risk management effectiveness.

**Posting Deadline: Posted until filled**

A career at Vancity is more than just a job, you’re joining a tradition of change-makers who are creating lasting change for our communities. Beyond base pay, we offer a comprehensive total rewards package to ensure our employees are empowered to thrive:
**We offer**:

- We are the largest private-sector Living Wage Employer in Canada and have been consistently recognized as one of the Top Employers in Canada.
- Our permanent employees qualify for attractive benefit packages that can be customized and changed each year to meet their evolving needs.
- New employees receive between three to four weeks of vacation allowance per calendar year, and the number of vacation days grows
- In addition to the 10 statutory holidays in British Columbia, Vancity provides an additional three statutory holiday