Senior GRC Analyst

Job Description
McCarthy Tétrault is a Canadian law firm that offers a full suite of legal and business solutions to clients in Canada and around the world. At McCarthy Tétrault, we offer challenging and rewarding career opportunities in our offices in Toronto, Montreal, Quebec City, Calgary and Vancouver. We are delighted to have earned the distinction of one of Canada's Best Diversity Employers for the thirteenth consecutive year in 2025. Our culture is built on professional excellence, collaboration, innovation, thought leadership and entrepreneurialism. We embrace inclusion in all its forms and we provide the tools and opportunities to help our people develop to their full potential.

We are recruiting for a
Senior GRC Analys
t to join our team in our
Toronto
and
Calgary
office. The successful candidate must have a minimum of 5 years of experience in Cybersecurity and will be responsible for Risk Assessments, Security Awareness and Training, Internal and External Audits. McCarthy Tétrault employees benefit from a hybrid work environment.

As a Senior GRC Analyst, you will be:

• Implementing and maintaining GRC policies, procedures, and controls aligned with ISO/IEC 27001:2022, NIST, and other relevant standards.
• Conducting risk assessments across business units, IT systems, and third-party vendors. Tracking and reporting on risk mitigation plans and residual risk.
• Monitoring regulatory changes (e.g., PIPEDA, GDPR, Quebec Law 25) and ensuring timely updates to internal controls and documentation.
• Coordinating internal and external audits, including evidence collection, control testing, and remediation tracking.
• Preparing dashboards and reports on risk posture, compliance status, and control effectiveness for review by the GRC Manager and senior leadership.
• Developing and delivering GRC-related training and awareness sessions to promote a culture of compliance and risk ownership.
• Capturing and documenting risks for inclusion in the enterprise risk register, ensuring traceability and accountability.
• Administering GRC platforms (e.g., Archer, ServiceNow GRC) and contributing to automation of workflows and reporting.
• Identifying opportunities to enhance risk management processes and drive a culture of security and compliance across the organization.
• Advising senior leadership on emerging risks, regulatory trends, and best practices.
• Influencing and building consensus among diverse stakeholders, including both technical and non-technical teams.

As our ideal candidate, you will distinguish yourself by the following profile:

• Bachelor's degree in Information Security, Risk Management, or a related field.
• Minimum 5 years of experience in GRC, risk management, or compliance roles.
• Certifications such as ISO/IEC 27001 Lead Auditor, CIPP, CISM, CRISC, or CISSP preferred.
• Strong analytical, communication, and interpersonal skills, with the ability to translate technical risks into business impact, influence decision-making, and build consensus across diverse stakeholders.
• Experience working in cross-functional teams and managing multiple priorities.
• Familiarity with change management, disaster recovery, and business continuity practices.
• Experience with workflow automation and reporting within GRC or AI platforms is an asset.
• Hands-on experience with GRC tools (e.g., Archer, ServiceNow GRC) is preferred.

As a member of the McCarthy team, you will have access to:

• Outstanding benefits from day one, including insurance premiums paid by the Firm and wellness and technology reimbursements.
• Competitive compensation, paid overtimeand generous time off, including a day off to volunteer and a day off for your birthday.
• A commitment to professional development and growth opportunities for our people at all levels, supported by a culture that fully embraces and encourages two-way feedback.
• Strong community involvement and a commitment to equity, diversity and inclusion.
• A collaborative, cohesive culture that connects lawyers and business teams through collective purpose.

How to Apply:
We encourage external candidates to apply online and internal applicants must apply directly through our internal careers portal on Espresso. We look forward to receiving your application.

We thank all applicants for their interest in McCarthy Tétrault; however, only chosen applicants will be contacted. We regret that we are unable to respond to individual inquiries about application status. McCarthy Tétrault is an equal opportunity employer that fosters an inclusive, equitable, and accessible environment. Please notify us if you require accommodation at any time during the recruitment process.