GRC Analyst
Job Summary
Meet Benevity
Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We're also one of the first B Corporations in Canada, meaning we're as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!
High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security, governance, risk, privacy and regulatory this role you will contribute to the execution of Benevity's GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests and helping maintain the policies and controls that strengthen trust with our clients, partners and stakeholders.
Working alongside experienced GRC professionals, you will build your skills in information security, compliance and risk management while helping ensure Benevity aligns with leading standards, privacy laws and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit and privacy domains.
What you'll do:
Governance & Policy
- Assist in maintaining and rolling out security and privacy policies, standards and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC and other global regulations.
- Support policy exception management, attestation processes and identify opportunities for process improvement.
Risk Management
- Assist with enterprise risk assessments, including vendor and process-level reviews.
- Support maintenance of the risk register, track remediation activities and assist with risk treatment planning.
- Contribute to Benevity's Third-Party Risk Management (TPRM) program, including vendor onboarding, assessments, ongoing monitoring and remediation tracking.
Compliance & Audit
- Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC and other frameworks.
- Assist with evidence gathering, control validation and auditor engagement.
- Leverage GRC platforms to support audit, privacy and compliance workflows.
Client Support & Sales Enablement
- Support the sales process by responding to client inquiries related to security, privacy and compliance.
- Complete customer security questionnaires, RFPs and third-party risk management (TPRM) requests.
- Partner with sales and client success teams to provide timely, accurate responses that build client trust.
Privacy and Regulatory
- Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA and others).
- Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
- Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
- Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.
Advisory & Awareness
- Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
- Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
- Contribute to Benevity's Security Awareness & Training program, including awareness campaigns, training modules and phishing simulations.
- Contribute to training, documentation and awareness activities that strengthen Benevity's security, privacy and compliance culture.
What you'll bring:
- 2-4 years of experience in cybersecurity, governance, risk, compliance or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0-2 years of experience, including relevant internship, co-op or academic project experience.)
- Working knowledge of security, privacy and regulatory frameworks, including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC and/or CCPA/CPRA.
- Exposure to or experience with GRC tooling (e.g. OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy and vendor risk workflows.
- Familiarity with risk assessment methodologies, vendor risk concepts and compliance evidence gathering.
- Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
- Ability to communicate risk, security, privacy and regulatory concepts clearly to both technical and non-technical stakeholders.
- Strong organizational skills, attention to detail and a proactive approach to learning and problem-solving.
- An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
- Certifications such as Security+, CISM, CISA, CRISC or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.
Salary range - Ontario
$55,900 - $76,890 CAD
Discover your purpose at work
We're not employees, we're Benevity-ites. From all locations, backgrounds and walks of life, who deserve more
Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.
If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you're valued for who you are and challenged to see who you can become
It's time to join Benevity. We're so excited to meet you.
Where We Work
At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships and personal well-being. For those located near one of our offices, while there's no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it's for onboarding, project work or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.
Join a company where DEIB isn't a buzzword
Diversity, equity, inclusion and belonging are part of Benevity's DNA. You'll see the impact of our massive investment in DEIB daily, from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.
We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.
That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.
Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to
Required Experience:
IC
About Company
Benevity's corporate purpose software offers the only integrated suite of community investment, employee, customer and nonprofit engagement solutions.