Governance, Risk & Compliance Analyst

Posted:
11/6/2024, 4:54:07 AM

Location(s):
Ontario, Canada ⋅ Toronto, Ontario, Canada

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
Legal & Compliance

Workplace Type:
Hybrid

TRADER Corporation is a trusted Canadian leader in online media, dealer and lender services. The company is comprised of AutoTrader.ca, AutoSync and Dealertrack Canada. AutoTrader.ca (AutoHebdo.net in Quebec) offers the largest inventory of new cars and used cars in Canada, receiving over 25 million monthly visits to its marketplace. With over 3,500 subscribers and counting, AutoSync is the largest and fastest growing dealer and OEM software provider in Canada. The platform's suite of connected automotive software solutions brings advertising, conversion and operational support together, synchronizing the entire retail process. AutoSync's diverse range of offerings includes: vAuto, EasyDeal, xtime, Motoinsight, Activix, TAdvantage and TRFFK. Dealertrack is Canada’s largest automotive financing portal, enhancing efficiency and profitability for all major segments of the automotive, marine, recreational vehicle, motorcycle and powersport retail industries. Over 6.5 million credit applications are submitted via the Dealertrack Canada portal each year. Collateral Management is a national, end-to-end, managed technology solution that offers industry insight and multi-channel collection strategies to maximize funds recovered. Collateral Management helps you remain compliant in all jurisdictions, alleviating your exposure to reputational and financial risks. Visit tradercorporation.com to learn more.

Summary
Governance, Risk and Compliance is accountable for the design and implementation of Trader Corporation’s GRC Framework, which sets out the company's policies, processes and practices, and executes on the identification, assessment, reporting, mitigation and control of operational and financial crimes risk. As the GRC Analyst and an integral part of the team, you will be responsible for planning, executing, and supporting the creation and implementation of our GRC program across our organization. You will work closely with control managers, analysts, and stakeholders to ensure that our GRC goals and objectives are met. You will assist the GRC leader in program rollout, internal and external operational audits and assessments, and report on risk.

GRC acts as an independent risk management function responsible for ensuring the Company has an effective risk management and compliance program to manage risk within the Company’s risk appetite.

This position reports to the Sr. Director GRC.

Responsibilities
·      Actively participate in the planning and implementation of the Trader Corporation GRC program, including defining and enhancing risk appetite, policies, procedures, risk metrics, control library, risk training, compliance, regulatory affairs, risk reporting and audit preparation.
·      Support Management in determining strategy, roadmap and overall direction for the GRC program.
·      Support and grow the Governance, Risk, and Compliance function.
·      Maintain and monitor security and privacy policies and training programs in partnership with other stakeholders.
·      Support and strengthen privacy and security risk management programs within the organization.
·      Collaborate with internal and external resources in conducting compliance audits.
·      Provide reporting on key performance indicators (KPIs) for compliance programs and security risks.
·      Manage the third-party risk management process for external vendors.
·      Manage and respond to customer and prospect security questionnaires and requests.
·      Manage and respond to requests under GDPR/CCPA and other applicable privacy laws.
·      Manage issues/gap identification and remediation, including drafting and communication/discussion with Stakeholders.
·      Collaborate with all stakeholders (risk subject matter experts, senior management and control managers) to ensure timely delivery of accurate, complete and meaningful risk feedback to help bring a more risk-informed view to decision making, and to help protect the organization from negative risk events.
·      Responsible for coordination and production of risk material for senior management, external and internal stakeholders.
·      Creation and sustainment of procedures that support the execution of key accountabilities.
·      Provide guidance and support to teams and stakeholders on security best practices, processes, and tools.
·      Assist with the assessment and implementation of new security solutions.
·      Manage risk projects.

Qualifications
·      Bachelor's degree in computer science, information security, or related field, or equivalent work experience.
·      3 or more years of experience in security risk management, information security, or other GRC areas.
·      Practical experience with one or more security or risk management standards (e.g. SOC2, ISO27001, NIST CSF, COSO, PCI DSS).
·      Excellent analytical skills and ability to analyze security requirements and relate them to appropriate controls.
·      Experience managing simultaneous projects across multiple teams.
·      Strong verbal and written communication skills with the ability to tailor communication to the other party.

What’s in it for you…
-We understand that there is life at work and life outside of work. Here are a few of the benefits we all enjoy that support us in being our creative best.
 
Fitness and wellness
-We provide discounts to nation-wide gyms, onsite gyms (when we’re in the office), an Employee and Family Assistance Program, as well as a virtual wellness program.
 
Benefits from Day 1
-Gym discounts
-Local in-office free gyms
-Employee and Family Assistance program
-Weekly virtual wellness events
-Conferences & training budget
-Regular internal training programs
 
Financial planning
-Let us help you invest in your future with 3% matching towards your pension and multiple forms of income protection.
 
Competitive salary
-Annual bonus structure
-3% CPP matching