GRC-Risk Assessment

About the Role

We are looking for an experienced Tech & Cyber Risk Assessment Specialist to join our Cyber, Data, and Security team. This role focuses on enterprise-wide technology risk assessments, identifying control gaps, and driving remediation initiatives across business and technology functions.

Key Responsibilities

• Conduct Technology Risk Assessments including:
  • Inherent Risk Assessment
  • Residual Risk Assessment
  • Control Gap Analysis
• Perform enterprise-wide EUC (End-User Computing) risk assessments
• Use Archer GRC tool for managing and executing risk assessments
• Identify control gaps and recommend effective mitigation strategies
• Track, monitor, and support remediation of identified risks
• Collaborate with stakeholders across Business, Technology, and Risk teams
• Analyze and address thematic enterprise risk issues
• Perform assessments aligned with frameworks such as:
  • ISO 27001, NIST, COBIT
• Ensure high-quality documentation including:
  • Risk reports
  • Findings
  • Recommendations

✅ Required Experience

• 4–10 years in:
  • Information Security
  • Technology Risk Management
  • Governance, Risk & Compliance (GRC)
• Hands-on experience in:
  • Inherent Risk & Control Gap Assessments
• Strong understanding of:
  • Risk Management & Governance principles
• Experience working with cross-functional stakeholders
• Excellent verbal and written communication skills

️ Must-Have Skills

• Solid experience in Tech Risk Assessments
• Strong knowledge of Information Security & Risk Governance
• Hands-on expertise with Archer GRC tool
• Proficiency with:
  • MS Excel, JIRA, SharePoint, M365 suite
• Strong analytical and communication skills

⭐ Nice-to-Have Skills

• Exposure to regulatory frameworks:
  • OSFI, OCC, etc.
• Experience in Financial Services domain
• Experience working with cross-border/global teams
• Certifications (preferred):
  • CRISC
  • CISSP
• Knowledge of frameworks:
  • ISO 27001, NIST, COBIT

Why Join Us?

• Work on enterprise-scale cybersecurity initiatives
• Collaborate with global teams across business and technology
• Opportunity to influence risk posture at an organizational level
• Continuous learning in evolving cyber risk landscape