IT Risk and Compliance Analyst

Job Summary

The IT Risk and Compliance Analyst is responsible for ensuring that the organization’s processes, policies, and procedures meet the legal and regulatory standards of the industry.

Reporting to both the Chief Risk Officer and the Vice President, Information Services, the successful applicant will be familiar with and responsible for successfully executing the relevant laws and regulatory standard requirements related to applicable OSFI Guidelines, SOC 2, and ITGC and support the team in meeting these requirements.

Duties and Responsibilities

Uphold the division and Olympia’s reputation and values, while promoting our motto “With Us, It’s Personal” in all interactions with employees, clients, and business associates.
Review and ensure that the organization’s processes, policies, and procedures meet the legal and regulatory standards of the industry (including OSFI Guidelines, SOC 2, and ITGC).
Responsible for effective communication and education of the internal control policies.
Interpret risk and compliance OSFI Guidelines and ensure that the business systems and technologies are in compliance with such Guidelines.
Serve as a point of contact for IT-related audits and inquiries, including audits and inquires from external stakeholders such and internal audits.
Prepare evidence required for audits, keep track of findings, and manage the remediation plan until all issues have received a satisfactory resolution.
Collaborate with various departments to identify and resolve risk and compliance issues.
Conduct risk assessments, monitor compliance issues, and recommend solutions to mitigate risk and maintain compliance.
Assist with developing and implementing business systems and technology security policies, processes, standards, and compliance education efforts.
Assess and report on the design and effectiveness of entity controls, ITGCs, application controls and business process controls.
Liaise with external auditors to support internal controls and SOC 2 assessments and discuss any internal audit issues noted.
Maintain accurate program documentation, from scoping and control documentation to testing evidence and risk assessment.
Other duties, as assigned by management.
Flexible to perform various assigned tasks as requested by management and executives.

Competencies

Connection - We build long-term relationships by collaborating with our clients and industry participants.
Accountability - We are a trusted business partner operating with transparency and integrity.
Innovation - We leverage technology to continuously improve how we serve our customers.
Strong communication and presentation skills, with the ability to present ideas in business-friendly and user-friendly language.
Strong process improvement mindset.
Keen attention to detail.
Ability to deal with multiple tasks, prioritize, change quickly and work under pressure.
Ability to work with a broad spectrum of people with varying levels of technical acumen.
Team player, willing to share and play various roles in a collaborative environment.
Good knowledge of M365, SharePoint, Zoom, experience with security and compliance software.
Self-starter with strong time management, able to work under pressure and meet deadlines.
Curiosity, enthusiasm, and a passion for technology.

Formal education and experience

Bachelor’s degree in computer science, Business, Information Systems, Accounting, Information Technology, or a related field.
Minimum three (3) years of accounting, finance, and internal system audit experience or five (5) of years relevant experience preferred.
Relevant certifications such as CISA, CISSP, CRISC, PCI, CISM or CGEIT are preferred.

Specialized skills or knowledge

Technical knowledge of IT best practices, Frameworks, regulatory requirements, and laws (COBIT, COSO, SOC 2, PCI DSS, Change management, SOX, ITIL, NIST, ISO).
Experience in conducting risk assessments and monitoring compliance issues.
Successful completion of a Criminal Background check is required.

‍

Apply Now