Cybersecurity Governance, Risk, and Compliance Analyst

Worker Type: Employee

Group: System Controls & Monitoring Department

Job Post End Date: 02/03/2025

About this opportunity:

Cenovus is seeking a highly motivated Cybersecurity Governance, Risk, and Compliance (GRC) Analyst to join our System Controls and Monitoring Team. This role focuses on technical administrative governance, including access reviews, activity monitoring, and ensuring overall domain hygiene. The successful candidate will play a critical role in maintaining and improving our IT governance and security posture while collaborating across IT and business units. Knowledge of Active Directory governance and its integration into broader IT governance models, as well as familiarity with audit practices and IT risk management processes are assets in this role. This position is ideal for a meticulous professional with deep technical and organizational skills who thrives in a dynamic environment.

What you’ll do:

• Focus on ensuring robust security governance through technical and administrative measures and identify and mitigate risks to reduce the likelihood of data breaches, regulatory non-compliance, or system compromises

• Ensure the company avoids costly fines or reputational damage by maintaining SOX and other compliance standards

• Ensure the organization stays aligned with financial and operational reporting standards avoiding penalties or legal exposure

• Conduct access reviews, domain hygiene maintenance, and process optimization to help ensure systems run efficiently, as well as minimize disruptions caused by security misconfigurations or failures

• Contribute a proactive approach to cybersecurity allowing the company to anticipate and prepare for emerging threats rather than reacting after incidents occur

• Ensure the security framework supports operational needs while maintaining compliance with industry regulations

• Protect sensitive data and systems to enable secure business processes and to help build trust among employees, partners, and regulators

• Focus on access reviews, domain hygiene, and risk management to enhance the company's ability to operate effectively in a regulated and competitive environment

Who you are:

Our ideal candidate will have the following minimum requirements:

• Legally authorized to work in Canada

• Minimum 5 years of experience in cybersecurity governance, risk, and compliance, with a focus on technical administrative governance

• Bachelor’s Degree in IT, Cybersecurity, a related field, or equivalent experience

• Solid understanding of access management, activity monitoring, domain hygiene best practices, cybersecurity frameworks (e.g., NIST ISO 27001 COBIT), and regulatory compliance standards

• Good technical understanding of IT networks, infrastructure, software systems, and experience with cloud platforms (AWS, Azure, etc.), and their governance models

• Process-oriented with excellent skills in documenting and optimizing workflows

We acknowledge the value of transferrable skills and may consider equivalent combinations of experience and education should you not meet a specific requirement.

Note: The application deadline for this position is 11:59 PM MT February 2, 2025.

If you require accessibility assistance to complete the on-line application or otherwise apply for an open position with Cenovus, its subsidiaries and affiliates, please email careeropportunities@cenovus.com.

Internal candidates that are currently in a lower grade will be assessed based on their sustained job performance, how they demonstrate the expected organizational competency behaviors and values and in discussions with their current leader prior to determining next steps.

Who we are:

We’re an integrated energy company headquartered in Calgary with oil and natural gas production operations in Canada and the Asia Pacific region, and upgrading, refining and marketing operations in Canada and the United States. We’re committed to maximizing value by developing our assets in a safe, responsible and cost-efficient manner, integrating environmental, social and governance considerations into our business plans.

We've been named a Top Alberta Employer for 2024, a designation recognizing organizations leading their industries in offering exceptional places to work.

Find Cenovus on Facebook, X, LinkedIn, YouTube and Instagram.

For more information, please visit cenovus.com.

At Cenovus, we embrace diversity of thought, experience and backgrounds to help us make better business decisions, address our challenges, seize opportunities and unlock innovative solutions. We’re committed to building a diverse and inclusive workplace where people feel respected, valued and engaged. We strive for a collaborative, physically and psychologically safe environment where you can be yourself, feel a sense of belonging and thrive. For more information, including details on our inclusion and diversity networks, visit Cenovus.com.

The requirements of this posting may be modified to support business needs. Title and compensation administration will be based on the skills and capabilities of the successful incumbent.

#LI-CL1

Notification

To be considered for a position,  please click Apply and create an account or sign in to your Cenovus Careers profile.

Immediately following successful submission of your online application, you will receive an online notification confirming Cenovus's receipt of your resume.

Only those applicants who apply directly to a posted position and are selected for an interview will be contacted.  We will not accept agency or third-party candidate submissions.

To follow the status of your application, log in to your Cenovus Careers profile and click on the appropriate job under ‘My Applications’.

Interested in this opportunity?  Click the Apply link.

If you are a CURRENT EMPLOYEE please apply by going to our Internal Career Site