GRC Analyst

Posted 3 Days Ago
Toronto, ON
1-3 Years Experience
Travel • Hospitality
The Role
The GRC Analyst at Four Seasons Hotels and Resorts in the Toronto Corporate Office is responsible for conducting IT Security Risk Assessments, ensuring compliance with regulatory requirements, developing risk management policies, and providing guidance on best practices for governance, risk, and compliance. This role involves collaborating with internal stakeholders to identify and mitigate risks.
Summary Generated by Built In

About Four Seasons:

Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.

About the location:

Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.

The GRC Analyst will be responsible for ensuring successful completion of IT Security Risk Assessments and will assist in developing risk management policies and procedures and in providing guidance to the organization on best practices for managing governance, risk, and compliance. The GRC Analyst will work closely with internal stakeholders across the organization to identify areas of risk and implement effective controls to mitigate those risks.

This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Director, Global Information Security. This role involves interactions with the Corporate and Global IT teams, Technology Business Owners and external Technology Partners.

Key Activities/ What You’ll Be Doing

  • Conduct information security risk assessments by following the Four Seasons internal risk assessment methodology and template

  • Perform audits and assessments to ensure the organization's compliance with regulatory requirements and internal policies and procedures.

  • Assist in developing and documenting secure solution deployment and configuration guides as the direct result of the completed risk assessments

  • Develop and implement policies and procedures to manage risk and ensure compliance with applicable regulations and frameworks

  • Support and advise leadership on governance best practices, including the oversight of risk management and compliance activities.

  • Day to day evaluation of adherence to Four Seasons internal information security controls

  • Identify weaknesses within operational, systems and network processes and escalate these observations for management prioritization

  • Participate in calls with hotels and vendors to gather information and to work on specific tasks as required

  • Work closely with internal stakeholders to ensure that controls are in place and operating effectively

  • Evaluate and manage third-party risk and vendor compliance

  • Provide training and guidance to employees on compliance issues and best practices for managing risk

  • Assist in managing IT Risk Register

  • Assist in preparing reports and presentations on Risk Management

Desired Skills/ Who You Are

  • The ability to analyze data and identify potential risks and recommend solutions to mitigate those risks.

  • A strong focus on delivering stakeholder satisfaction and results by anticipating and meeting stakeholder needs, expectations, and requirements.

  • The ability to pay close attention to details, ensuring that policies and procedures are compliant and risk management activities are executed accurately.

  • The ability to communicate effectively with stakeholders, both in writing and verbally. This includes presenting findings, providing guidance, and delivering training to employees.

  • Demonstrates integrity and ethical behaviour in accordance with the company's values and expectations.

  • The ability to manage multiple projects and priorities simultaneously and deliver within given timelines.

  • The ability to adapt to changing priorities and situations and to work effectively in ambiguous situations.

  • The ability to think critically and proactively identify and assess risks, evaluate their impact on the organization, and develop strategies to mitigate them.

  • The ability to stay abreast of industry best practices and emerging trends in GRC, and continuously update knowledge and skills.

Experience, Education and Professional Qualifications / What You Bring

  • Bachelor’s degree or commensurate experience

  • Information Security Certification or Accreditation an asset.

  • 2+ years of experience in a compliance, risk management, or governance role

  • Demonstrated knowledge in the areas of risk assessment, strong understanding of secure communications, secure data storage, secure systems development, secure systems deployment and documentation

  • Strong understanding of the information security risks generated by incorrectly deployed and configured applications

  • Understanding of information security principles, including confidentiality, integrity, and availability, and familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework.

  • Familiarity with project management methodologies and experience managing GRC-related projects, such as compliance assessments, risk assessments, or internal audits.

  • Familiarity with a variety of information security, networking, and governance concepts, practices, and procedures

  • Familiarity with legal and regulatory requirements and their impact on Four Seasons, including contractual obligations and privacy regulations.

  • Experience developing and implementing policies and procedures to manage risk and ensure compliance.

  • Strong understanding of network, application, and other technical security controls

  • Professional certification such as CISA, CISM, or CRISC is a plus

  • Ability to clearly communicate with technical and non-technical stakeholders is essential

  • Demonstrated understanding of real-world application of (ISO/IEC) 17799:2005(E) standards, COBIT and RISK IT frameworks and PCI-DSS requirements

  • Thorough understanding of regulatory and compliance requirements, such as PCI DSS, GDPR, CCPA, etc.

This role follows a hybrid working model, which will require 2-3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario.

Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.

The Company
HQ: Toronto, Ontario
33,981 Employees
On-site Workplace
Year Founded: 1961

What We Do

Four Seasons Hotels and Resorts opened its first hotel in 1961, and since that time has been dedicated to perfecting the travel experience through continual innovation and the highest standards of hospitality. Currently operating more than 120 hotels and resorts, and more than 50 residential properties in major city centers and resort destinations in 47 countries, and with more than 50 projects under planning or development, Four Seasons consistently ranks among the world's best hotels and most prestigious brands in reader polls, traveler reviews and industry awards.

To learn more about our career opportunities, visit fourseasons.com/careers.

For more information and reservations, visit fourseasons.com.

For the latest news, visit press.fourseasons.com and follow @FourSeasonsPR on Twitter.
