GRC Analyst

Posted Yesterday
Be an Early Applicant
Toronto, ON, CAN
Hybrid
56K-77K Annually
Mid level
Software
The Role
Support and grow Benevity's GRC program by maintaining policies and control frameworks, assisting risk assessments and third-party risk management, supporting audit readiness and evidence gathering, responding to client security/privacy questionnaires, and contributing to privacy, regulatory, and awareness initiatives across the organization.
Summary Generated by Built In
Meet Benevity

Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!

High-Level Overview
Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.


What you'll do:

Governance & Policy

  • Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.

  • Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

  • Assist with enterprise risk assessments, including vendor and process-level reviews.

  • Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.

  • Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

  • Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.

  • Assist with evidence gathering, control validation, and auditor engagement.

  • Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

  • Support the sales process by responding to client inquiries related to security, privacy, and compliance.

  • Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.

  • Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

  • Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).

  • Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.

  • Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.

  • Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

  • Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.

  • Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.

  • Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.

  • Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.


What you'll bring:

  • 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)

  • Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.

  • Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.

  • Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.

  • Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).

  • Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.

  • Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.

  • An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.

  • Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

 

Discover your purpose at work

We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …

Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.

If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …

It’s time to join Benevity. We’re so excited to meet you.

Where We Work

At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.

Join a company where DEIB isn’t a buzzword

Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.

We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.

That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.

Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to [email protected].

Skills Required

  • 2-4 years experience in cybersecurity, governance, risk, compliance, or privacy (SaaS/tech preferred)
  • Working knowledge of ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, CCPA/CPRA
  • Exposure to or experience with GRC tooling (OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata)
  • Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering
  • Experience or willingness to support client due diligence (security questionnaires, RFPs, TPRM)
  • Ability to communicate security, privacy, and regulatory concepts to technical and non-technical stakeholders
  • Strong organizational skills, attention to detail, and proactive learning/problem-solving
  • Interest in leveraging automation and AI to streamline GRC processes
  • Certifications valued (Security+, CISM, CISA, CRISC, CIPM/CIPP) or actively pursuing them
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Calgary, Alberta
818 Employees
Year Founded: 2008

What We Do

Benevity is the global social impact software with an all-in-one platform for corporate grantmaking, volunteering, giving, micro-actions and employee resource groups. A certified B Corporation and recognized in Fortune's Impact 20, we empower iconic brands to attract, retain and engage diverse workforces, embed social action in customer experiences, support communities and understand their impact in the world. Since our inception, Benevity has helped businesses around the world donate over $14 billion, track 72 million volunteer hours and support communities with over $19 billion in grants

Similar Jobs

Remote or Hybrid
3 Locations
818 Employees
Hybrid
Toronto, ON, CAN
818 Employees
99K-135K Annually

Magna International Logo Magna International

Industrial Engineer

Automotive • Hardware • Robotics • Software • Transportation • Manufacturing
Hybrid
2 Locations
171000 Employees

NBCUniversal Logo NBCUniversal

Manager, Media

AdTech • Cloud • Digital Media • Information Technology • News + Entertainment • App development
Remote or Hybrid
Toronto, ON, CAN
68000 Employees
85K-100K Annually

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account