Senior Cybersecurity Operations Analyst (Level 18) Principal Cybersecurity Operations Analyst (Level 19), Governance, Risk and Compliance (GRC)

Application deadline: November 27 2025

Join the EDC Team!

At EDC we support Canadian businesses to succeed globally. We provide the financial tools and expertise they need to explore new markets reduce risks all towards the goal of making Canada and the world better through trade. #LI-Hybrid

Position:Senior Cybersecurity Operations Analyst (Level 18) / Principal Cybersecurity Operations Analyst (Level 19) Governance Risk and Compliance (GRC)

Employment Type:Permanent

Compensation Details:

Security Operations 18: Salaries typically range from $94664 to $126219 annually based on qualifications and experiences plus a performance-based incentive.

Security Operations 19: Salaries typically range from $109810 to $146413 annually based on qualifications and experiences plus a performance-based incentive.

Location:

Export Development Canada operates in a hybrid work environment currently requiring employees to work in the office 2 days per week. (subject to change)

This role can be performed from EDCs headquarters in Ottawa or from one of our Community Hubs located in Toronto Mississauga Montreal Laval or Brossard.

• Relocation assistance is available for eligible candidates.

About EDC:

At Export Development Canada (EDC) we empower Canadian businesses to succeed globally. As a financial Crown corporation we offer innovative financial solutions and expert insights to help businesses explore new markets mitigate risks and achieve growth.

Why Join EDC

• Comprehensive Benefits: EDC offers a competitive compensation & benefits package work-life balance & the opportunity to help make Canada and the world better through trade.

• Work-Life Balance: EDC offers a competitive compensation package & work-life balance. We have hybrid work options 3 to 4 weeks paid vacation a corporate closure period summer early Fridays & no meeting Fridays.

• Professional Development: Take advantage of our continuous learning opportunities including training programs workshops and language training.

• Inclusive Culture: Be part of a diverse and inclusive workplace that champions employment equity & values diversity of ideas strengths & backgrounds to succeed.

• Wellness Programs: Access to wellness initiatives mental health support and fitness programs to keep you healthy and happy.

• Community Engagement: Participate in volunteer opportunities and give back to the community through our various social responsibility programs.

Team and Job Overview:

The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world by seamlessly delivering secure and reliable digital experiences. Digital & Technology Solutions has set out to achieve the following objectives for EDC:

Define execute and sustain the integrated technology target state target data model and technology operations required to enable EDCs 2030 business transformation.

Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.

Keep pace with industry trends and emerging technologies ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.

Lead and ensure integrated digital data infrastructure and cybersecurity implementations to create excellent customer user and employee experiences.

This is your opportunity to join a cybersecurity team with a business-first mindset. You will be part of a growing team of cybersecurity professionals that value transparent communication collaboration with various internal and external stakeholders and support innovation while being equally committed to achieving information security risk targets and delivering on the planned security program obligations.

The Senior Cybersecurity Operations Analyst / Principal Cybersecurity Operations Analyst is responsible for leading and supporting the development implementation and maintenance of cybersecurity governance risk management practices and compliance initiatives applying industry recognized frameworks. This role ensures that EDCs cybersecurity posture aligns with customer and regulatory requirements industry standards technology advancements and internal policies. The specialist collaborates with cross-functional teams to establish cybersecurity governance identify assess and manage risks develop controls and monitor compliance across the organization.

Reporting into the Director Cyber GRC & Program/Portfolio is responsible for overseeing the operational and tactical direction development and management of the organizations Cyber risk management operating model aligned with the overall cybersecurity strategic direction contributes to strategy and delivers the required cyber risk management governance risk and compliance services.

What you will be doing:

Governance Development: Develop and maintain cybersecurity governance frameworks policies standards and guidelines.

Risk Management: Lead risk assessment services ensure appropriate mitigation strategies are in place and provide support to risk oversight.

Compliance Monitoring: Manage exemptions and monitor compliance with internal policies risk assessments and external requirements.

Audit Support: Support audits and assessments by preparing documentation and coordinating responses.

Cross- Functional Collaboration: Collaborate with IT Legal and business units to ensure alignment of cybersecurity practices.

Threat Awareness: Maintain awareness of emerging threats vulnerabilities and regulatory changes.

Stakeholder Training: Provide guidance and training on GRC-related topics to internal stakeholders.

Risk-Informed Strategy: Utilize insights from security operations and incident response to inform risk management strategies.

Metrics & Reporting: Contribute to the development of metrics and reporting mechanisms for cybersecurity governance.

Teamwork: Provide recommendations on prioritization and guidance on work execution to the team members.

Policy Development: Establish policies standards and procedures to ensure compliance with regulatory requirements and industry best practices.

Technology Management: Evaluate select and coordinate the implementation of GRC technologies and tools to enhance the organizations security posture.

Partnerships: Establish strong partnerships with channels service communities and external parties (managed services and other partners) accountable for building and integrating into enterprise risk.

Stakeholder Collaboration and Communication: Partner with technology and business channels to develop a control program and promote control adoption foster a customer-focused culture to strengthen client relationships.

Governance and Process Improvement: Develop and enforce Cyber policies and standards promote best practices through governance and design frameworks and drive continuous process improvements to ensure compliance and effective service delivery aided by capability maturity models.

Vendor Management: Coordinate third-party risk management activities including review of risk assessments and monitoring of third parties security posture.

What we are looking for:

Bachelors degree in Computer Science Information Security or a related field.

Minimum of 7 years (Level 18) or 10 years (Level 19) of experience in Cybersecurity with a focus on Governance Risk and Compliance (GRC).

Strong understanding of cybersecurity frameworks (e.g. NIST CSF NIST 800-53 ISO 27001 ISO 27002 ISO 27005 CMMI).

Hands-on experience with cybersecurity governance risk assessment methodologies and compliance audits.

Strong communication skills with stakeholder management.

High level of initiative and ownership.

Ability to adapt in a fast-paced evolving environment.

Collaborative mindset with a problem-solving attitude.

What will make you stand out:

Masters degree in Information Security cybersecurity computer science or related field.

Familiarity with CMMI frameworks and process maturity models particularly in the context of service delivery.

Experience preparing and supporting presentations to executive-level reports including dashboards KPIs and strategic insights tailored for senior leadership.

Hands-on experience with GRC applications.

Professional certifications such as CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CRISC (Certified in Risk and Information Systems Control) CISA (Certified Information Systems Auditor) or equivalent.

Bilingual in both official languages (English and French).

Eligibility:

EDC is dedicated to Fair Employment Practices. Applicants must be Canadian citizens or hold valid permanent residency cards at the time of application. Preference will be given to candidates who are legally able to work in Canada (Canadian Citizens or Permanent Residents). Candidates must also meet the government security screening requirements.

This position is open to individuals who meet all the essential criteria outlined above and submit their applications by the closing date. Ready to make a difference This is your chance to join a dynamic growing team and leave your mark on our organization development finance and the world.

Apply today!

Want to learn more about EDC Check our website here

EDCs Commitment to Employment Equity

Export Development Canada (EDC) is dedicated to fostering employment equity and building a diverse workforce. We are committed to creating a safe and inclusive environment that respects people from all cultures backgrounds and abilities. At EDC we nurture a culture of inclusion and belonging where everyone has equal opportunity to grow develop succeed and be their truest selves.

We actively encourage applications from women Indigenous peoples visible minorities persons with disabilities and members of the 2SLGBTQI community.

Your application must clearly demonstrate how you meet all the requirements. We thank all applicants interest in a career at EDC; however only those selected for an interview will be contacted. Please note that qualified candidates may be considered for similar roles at this level within EDC.

EDC recognizes that disclosing the need for accommodations can be a personal matter. Please know that as an organization we are committed to maintaining confidentiality and ensuring that any accommodations provided are tailored to support your needs. Our aim is to ensure you have a comfortable and positive experience throughout the recruitment process so please do not hesitate to contact us directly for any accommodation requests at . We are here to support you every step of the way.