ITGRC Analyst

Dye & Durham Limited is a leading provider of cloud-based software and technology solutions designed to improve efficiency and increase productivity for legal and business professionals. Dye & Durham provides critical information services and workflows, which clients use to manage their process, information, and regulatory requirements. The Company has operations in Canada, the United Kingdom, Ireland, and Australia, and has a strong blue-chip customer base that includes law firms, financial service institutions, and government organizations.

As an IT Governance, Risk and Compliance Analyst, you will apply your subject matter expertise in IT risk management and compliance to enhance and implement policies and standards, maintain control assurance activities, support IT audits, evaluate and improve IT controls, execute security and risk assessments, provide insights and guidance to IT and business stakeholders, and assess and document compliance with laws, regulations, directives, and contracts. You will also support the governance, risk and compliance tooling, and the vendor risk management program.

You will report to the Manager of IT Governance, Risk and Compliance and work closely with various stakeholders across the organization. You will also have strong communication and collaboration skills, as well as the ability to recommend risk treatment or mitigation strategies that align with the tactical and strategic priorities of the company. If you are looking for a challenging and rewarding role in a dynamic and innovative organization, this is the opportunity for you.

The ideal candidate will have strong knowledge and work experience in IT general controls, ISO27001 and SOC2 frameworks, and can work with local and global IT and business partners to provide guidance and support to the company.

Under the direction of the Manager of IT Governance, Risk and Compliance, the successful candidate will:

• Support the ITGRC program and the global Information Security Management System (ISMS) for a large portfolio of applications, ensuring sustainable compliance practices across the company.

• Evaluate and monitor compliance to D&D's IT controls, policies and standards and perform gap assessments. Map and maintain common controls framework and control scope/applicability for a portfolio of compliance initiatives.

• Facilitate and coordinate numerous ad hoc and periodic internal/external assessments, audits, and certifications, such as vendor assessments by key customers, ITGC and SOC 2 audits, and ISO 27001 certification, including evidence gathering, walkthrough coordination and management response to identified findings.

• Assist in driving the vendor / partner security risk assessment program using D&D's 3rd-party risk assessment tool and support the vendor due diligence process.

• Support the implementation and ongoing management of an enterprise IT Governance, Risk and Compliance solution to enhance the company's risk management and risk reporting/tracking capabilities.

• Support the development and maintenance of D&D's global risk register and support risk treatment planning, monitoring, and reporting processes.

• Deploy a repeatable playbook for onboarding each acquired company onto the ISMS.

• Collaborate with D&D's Legal department to incorporate new requirements from applicable legal/regulatory changes.

• Interface with global IT and business partners to provide guidance and support.

• Document and report control failures and gaps to stakeholders / control owners. Provide remediation guidance and prepares stakeholders' reports to track remediation activities.

• Evaluate and report any security/compliance risks to track as part of the company risk register. Consult on developing security standards, procedures, and controls to manage risks.

What you will bring:

• Degree or diploma in Computer Science, Cyber Security or related field

• 5+ years of experience working with applicable information security management, compliance principles, IT standards, controls and audit

• Skills in control analysis, risk analysis, process assessment, consulting, data analysis, audit, vendor and contract management

• Understanding of fundamental information security concepts and technology

• Strong analytical and critical thinking skills

• Excellent communication and presentation skills; ability to communicate technical concepts to a broad range of technical and non-technical management and staff

• Ability to work with multiple internal and external stakeholders in a dynamic and fast-paced global operation.

Additional skills that would be an asset:

• Professional certification or progress towards certification in one or more of the following areas: CRISC, CISSP, CISA

• Working knowledge of NIST, Cyber Essentials and other security frameworks/standards

• Experience in financial services or other highly regulated industries

• Strong technical skills in SharePoint and work process flows

• Experience with legislative and regulatory compliance requirements such as GDPR

• Experience with GRC platforms such as AuditBoard, Upguard and others

• Ability to communicate in French

At Dye & Durham we strive to be visionaries! As a leader in our field, we ensure our employees are ready for the next challenge in their journey with us by offering internal and external training opportunities. We offer competitive salaries, a whole host of benefits such as, overseas transfer opportunities, healthcare, pension, company discounts, wellness programs, paid days off to move house or volunteer for your favourite charity.
Do you share our DNA?

• We ask how tomorrow can be better than today
• We are passionate about solving our customer's challenges
• Our ideas break boundaries
• We value different perspectives and encourage dialogue
• We take ownership and celebrate together