ServiceNow GRC Business Analyst, Senior Associate (Canada)

Toronto - Canada

Monthly Salary: $ 62000 - 99500

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

We are the leading provider of professional services to the middle market globally our purpose is to instill confidence in a world of change empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled inclusive culture and talent experience and our ability to be compelling to our clients. Youll find an environment that inspires and empowers you to thrive both personally and professionally. Theres no one like you and thats why theres nowhere like RSM.

As Senior Associate you will help assess design and deploy RSMs GRC program and technology implementation products across a range of industries and geographic locations.

Examples of candidate responsibilities include the following areas:

Developing strong working relationships with clients built on understanding their businesses and challenges
Work across multiple client account teams within a wide variety of industries.
Managing multiple team engagements simultaneously including several pieces of any assignmentnot just a single area of focus
Working in a mutually respectful team environment helps our associates perform at their best and integrate their career with their personal life
Business analysis and requirements gathering to include:
- Stakeholder Management Engaging with business IT security and compliance teams.
- Requirement Elicitation Identifying business needs security policies and user access requirements.
- Process Mapping Documenting current vs. future state workflows.
- Use Case Development Defining user roles access levels and authentication scenarios.
- Roadmap Development- Building out multi-stage multi-year plan for the rollout of new cybersecurity capabilities.
- Project Planning Detail out the activities duration and dependencies for a complex solution deployment as well as ability to track status and escalate risks and issues.

Experience working in security operations or compliance operations environments.
Working to evaluate cybersecurity requirements and design and/or operate controls to address these requirements

Basic Qualifications:

Role Specific Qualifications

3-6 years of experience:
- Building leading and developing high performing teams
- Mentoring and influencing others both internally and within client organizations
- Managing client work and drive client communications with little or no oversight from RSM Senior Leadership
- Managing budgets and resource allocation including but not limited to program and project management
- Implementations with leading ServiceNow IRM and/or SecOps solutions
- GRC solution testing strategies and methods (user acceptance testing integration testing performance testing high availability/failover testing)
- Develop business requirements fit gap analysis design and build documentation and solution roadmapping
- Performing project management activities including project plan development status management as well risk issue action item and decision management
ServiceNow Certification: Certified System Administrator (CSA) (preferred) and one of other specialized certifications like Certified Implementation Specialist (CIS) in Security Operations (SecOps) Vendor Risk Management (VRM) and IRM (Integrated Risk Management)
Technical background in computer science and related fields
The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude including senior management
High degree of integrity and confidentiality as well as ability to adhere to company policies and best practices
Possesses a strong internal drive and motivation for continuous improvement
Knowledge of change management user training and organization impact principles
Familiarity with the development and management of IT and/or cybersecurity requirements and use case development
Familiarity with the design and implementation of Governance Risk and Compliance (GRC) solutions for cybersecurity risk management and/or Security Operations (e.g. ServiceNow AuditBoard)
Basic knowledge of common compliance requirements (e.g. NIST CSF COBIT CIS NIST 800-530 ISO 27001 PCI HIPAA CMMC etc)
Passion for regulatory compliance and cybersecurity and ability to self-direct and teach themselves about new and emerging cybersecurity concepts.
Excellent written and verbal communication skills with a focus on translating technical requirements for business stakeholders.
Ability to manage and prioritize multiple tasks in a fast-paced environment particularly in support of cybersecurity project lifecycles.

Preferred Qualifications

Bachelors degree in Information Security Risk Management or related field.
Experience with implementation of one or more GRC technologies including Workiva MetricStream or OneTrust
Certified Information Systems Security Professionals (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); or equivalent security certifications.
Experience with Microsoft tools such as Excel and PowerPoint.
Delivery background with ITSM platforms such as ServiceNow Jira etc.
Development and/or architecture experience with API connectors data lake or BI tools (e.g. PowerBI) for risk reporting) as well as automation and/or AI/ML services.
Familiarity with common cloud security concepts delivery models and changing division of cybersecurity responsibilities between vendors and customers

At RSM we offer a competitive benefits and compensation package for all our offer flexibility in your schedule empowering you to balance lifes demands while also maintaining your ability to serve clients. Learn more about our total rewards at does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past current or prospective service in the Canadian uniformed service; Canadian Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership.RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application interview or otherwise participate in the recruiting process please call us at or send us an email at .

At RSM an employees pay at any point in their career is intended to reflect their experiences performance and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including but not limited to education skills work experience certifications location etc. As such pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $62000 - $99500

Individualsselected for this role will be eligible for a discretionary bonus based on firm and individual performance.

Required Experience:

Senior IC

As Senior Associate you will help assess design and deploy RSMs GRC program and technology implementation products across a range of industries and geographic locations.

Examples of candidate responsibilities include the following areas:

Developing strong working relationships with clients built on understanding their businesses and challenges
Work across multiple client account teams within a wide variety of industries.
Managing multiple team engagements simultaneously including several pieces of any assignmentnot just a single area of focus
Working in a mutually respectful team environment helps our associates perform at their best and integrate their career with their personal life
Business analysis and requirements gathering to include:
- Stakeholder Management Engaging with business IT security and compliance teams.
- Requirement Elicitation Identifying business needs security policies and user access requirements.
- Process Mapping Documenting current vs. future state workflows.
- Use Case Development Defining user roles access levels and authentication scenarios.
- Roadmap Development- Building out multi-stage multi-year plan for the rollout of new cybersecurity capabilities.
- Project Planning Detail out the activities duration and dependencies for a complex solution deployment as well as ability to track status and escalate risks and issues.

Experience working in security operations or compliance operations environments.
Working to evaluate cybersecurity requirements and design and/or operate controls to address these requirements

Basic Qualifications:

Role Specific Qualifications

3-6 years of experience:
- Building leading and developing high performing teams
- Mentoring and influencing others both internally and within client organizations
- Managing client work and drive client communications with little or no oversight from RSM Senior Leadership
- Managing budgets and resource allocation including but not limited to program and project management
- Implementations with leading ServiceNow IRM and/or SecOps solutions
- GRC solution testing strategies and methods (user acceptance testing integration testing performance testing high availability/failover testing)
- Develop business requirements fit gap analysis design and build documentation and solution roadmapping
- Performing project management activities including project plan development status management as well risk issue action item and decision management
ServiceNow Certification: Certified System Administrator (CSA) (preferred) and one of other specialized certifications like Certified Implementation Specialist (CIS) in Security Operations (SecOps) Vendor Risk Management (VRM) and IRM (Integrated Risk Management)
Technical background in computer science and related fields
The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude including senior management
High degree of integrity and confidentiality as well as ability to adhere to company policies and best practices
Possesses a strong internal drive and motivation for continuous improvement
Knowledge of change management user training and organization impact principles
Familiarity with the development and management of IT and/or cybersecurity requirements and use case development
Familiarity with the design and implementation of Governance Risk and Compliance (GRC) solutions for cybersecurity risk management and/or Security Operations (e.g. ServiceNow AuditBoard)
Basic knowledge of common compliance requirements (e.g. NIST CSF COBIT CIS NIST 800-530 ISO 27001 PCI HIPAA CMMC etc)
Passion for regulatory compliance and cybersecurity and ability to self-direct and teach themselves about new and emerging cybersecurity concepts.
Excellent written and verbal communication skills with a focus on translating technical requirements for business stakeholders.
Ability to manage and prioritize multiple tasks in a fast-paced environment particularly in support of cybersecurity project lifecycles.

Preferred Qualifications

Bachelors degree in Information Security Risk Management or related field.
Experience with implementation of one or more GRC technologies including Workiva MetricStream or OneTrust
Certified Information Systems Security Professionals (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); or equivalent security certifications.
Experience with Microsoft tools such as Excel and PowerPoint.
Delivery background with ITSM platforms such as ServiceNow Jira etc.
Development and/or architecture experience with API connectors data lake or BI tools (e.g. PowerBI) for risk reporting) as well as automation and/or AI/ML services.
Familiarity with common cloud security concepts delivery models and changing division of cybersecurity responsibilities between vendors and customers