GRC Analyst
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Benevity is seeking a GRC Analyst to support security governance, risk, privacy, and regulatory programs. The role involves compliance activities, risk assessments, third-party risk management, and client due diligence.
Key Skills for This Role
Responsibilities
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations
- Support policy exception management, attestation processes, and identify process improvements
- Assist with enterprise risk assessments, including vendor and process level reviews
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning
- Contribute to Third Party Risk Management program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks
- Assist with evidence gathering, control validation, and auditor engagement
- Support the sales process by responding to client inquiries related to security, privacy, and compliance
- Complete customer security questionnaires, RFPs, and third party risk management requests
- Support privacy related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others)
- Assist with FINTRAC related compliance requirements, including reporting and risk assessments related to AML/ATF obligations
- Contribute to Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations
Requirements
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in SaaS or technology driven environment
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata)
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM)
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non technical stakeholders
- Strong organizational skills, attention to detail, and proactive approach to learning and problem solving
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP valued
Full Job Posting
High Level Overview
- Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program.
- In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen
- Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements.
What You'll Do
- Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
- Support policy exception management, attestation processes, and identify opportunities for process improvement.
- Assist with enterprise risk assessments, including vendor and process level reviews.
- Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
- Contribute to Benevity’s Third Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
- Assist with evidence gathering, control validation, and auditor engagement.
- Leverage GRC platforms to support audit, privacy, and compliance workflows.
- Support the sales process by responding to client inquiries related to security, privacy, and compliance.
- Complete customer security questionnaires, RFPs, and third party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
- Support privacy related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
What You'll Bring
- 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co op, or academic project experience.)
- Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non technical stakeholders.
- Strong organizational skills, attention to detail, and a proactive approach to learning and problem solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Meet Benevity
- Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about.
- Through giving, volunteering, grantmaking, employee resource groups and micro actions, we help most of the Fortune 100 brands build better cultures and use their power for good.
- We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits.
- We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
Where We Work
- At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well being.
- For those located near one of our offices, while there’s no set requirement for in office time, we do value the moments when coming together in person helps us build connection and collaboration.
- Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Benevity
Staff Developer - AI/ML
Calgary, CAN
Benevity seeks a Staff Developer AI/ML to anchor machine learning and AI efforts, leading architecture of GenAI strategy. The role involves designing end-to-end ML architecture, defining AI infrastructure roadmap, and me
Software Development Manager
Vancouver, CAN
Benevity is looking for a Software Development Manager to lead teams in AI-led development and cloud infrastructure. You will own team throughput, foster a culture of high performance, and align team activities with busi
Product Marketing Manager (8 month Term)
Vancouver, CAN
Benevity is looking for a Product Marketing Manager to drive go-to-market strategy, positioning, and messaging for its SaaS solutions. The role involves owning product launches, developing value messaging, and collaborat
Product Marketing Manager (8 month Term)
Calgary, CAN
Benevity is seeking a Product Marketing Manager to lead go-to-market strategy, positioning, and messaging for its social impact technology solutions. The role involves owning product launches, developing sales enablement
Architect
Calgary, CAN
Benevity seeks a platform-first Architect to lead enterprise patterns for reliable, governed, AI-driven solutions. You will design data flow from ingestion to consumption, ensure AI systems are secure and auditable, and
Architect
Toronto, CAN
Benevity seeks a senior Architect to lead enterprise patterns for reliable, governed, AI-driven solutions. You will design data flows, mentor engineers, and drive AI governance architecture. Requires 7+ years in software
Senior Analyst, Global Money Movement
Calgary, CAN
Benevity is looking for a Senior Analyst to support the Global Money Movement finance team. The role involves financial modeling, cross-functional partnering, and reporting. Candidates should have 4-6 years of FP&A or st
Staff Developer - AI/ML
Calgary, CAN
Software Development Manager
Vancouver, CAN
Product Marketing Manager (8 month Term)
Vancouver, CAN
Product Marketing Manager (8 month Term)
Calgary, CAN
Architect
Calgary, CAN
Architect
Toronto, CAN
Senior Analyst, Global Money Movement
Calgary, CAN