Auditor/Analyst, IT Governance Risk and Compliance

Vancouver, British Columbia, Canada

Vancity

Vancity is a credit union committed to a clean and fair world. Accounts, credit cards, mortgages, business banking and more.


About Vancity

Vancity is a member-owned credit union built on the principles of inclusion and social justice. A relentless commitment to their values has helped them challenge the status quo and break down barriers since day one in 1946. They have bold commitments to make Vancity net-zero by 2040 across all mortgages and loans and are pursuing strategies on Indigenous banking and to improve the financial resilience of their members.

Vancity is the largest private sector Living Wage Employer in Canada and has been consistently recognized as one of the Top Employers in Canada. If you’re interested in joining their team of 2,700 diverse individuals and accessing competitive rewards and benefits, all while knowing you are part of a greater movement, then apply today!

About the workplace

This is a permanent, full-time role that will enjoy hybrid working arrangements which can be fulfilled primarily from the Vancity head office location and your Lower Mainland based home office. This role may require you to work on-site at least once a week.

Join our IT Governance, Risk, and Compliance (IT-GRC) team as an Auditor and Analyst. In this role, you will be performing Third-Party Risk Management (TPRM) and vendor risk assessments as part of our IT-TPRM initiative while also ensuring the effectiveness of our information security and system controls through audits and reviews. You will work closely with internal stakeholders and vendors to ensure that security and compliance risks are identified, assessed, and managed effectively in line with internal policies, regulatory requirements, and industry best practices.

A typical day would involve:

  • Developing internal controls and test procedures to audit the related processes and ensure the operating effectiveness of these controls.
  • Conducting third-party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation, engaging with internal stakeholders to understand business requirements, and identifying security and compliance gaps.
  • Reviewing vendor security documentation, including SOC reports, web application penetration test results, and security risk assessments.
  • Maintaining and improving third-party risk management processes, tools, and workflows to streamline risk assessments, audit procedures, and reporting.
  • Working with procurement, vendor management, legal, and other business teams to perform due diligence on new vendors, and ensure security and compliance requirements are met before onboarding.
  • Evaluating third-party security incidents, breaches, or vulnerabilities, and coordinating investigation efforts with internal teams and vendors.

You have:

  • Bachelor’s in Information Technology, Risk Management, Business, or a related field
  • 2-5 years of related experience in IT Governance, Risk, and Compliance (GRC), Third-Party Risk Management, or Information Security
  • A solid understanding of relevant cyber security standards and frameworks such as NIST, ISO 27001, AICPA SOC reports, OSFI, PIPEDA.
  • Prior working knowledge in reviewing SOC1, SOC2 and ISO 27001 reports and attestations.
  • Experience reviewing vendor security controls, evaluating compliance artifacts, and analyzing security risks.
  • Strong attention to detail and analytical thinking to identify vendor security risks and assist in remediation tracking.
  • Excellent communication and stakeholder management skills to engage with vendors and internal teams.
  • A proactive mindset with the ability to work independently and manage multiple priorities in a fast-paced environment.

Bonus point(s):

  • Experience in IT, Audit, Risk Management, Information Security, or a combination of these
  • Information Security related certifications and training such as CISA, CRISC, and CISM
  • An undergraduate degree (preferably in Cyber Security, Computer Science, Engineering, or highly related field)

You are:

  • Detail-Oriented: You have a sharp eye for identifying security gaps and areas of improvement in vendor security practices.
  • Analytical: You can balance business needs with risk considerations and provide pragmatic recommendations.
  • Proactive & Adaptable: You anticipate challenges and take action to address them before they escalate.
  • Collaborative: You work effectively with cross-functional teams, including Procurement, Legal, and IT Security.
  • A Clear Communicator: You can translate technical risk concepts into business-friendly language for stakeholders.
  • Driven by Continuous Improvement: You are always looking for ways to refine processes and enhance risk management effectiveness.

We value lived experience, so if you are interested in this role, we encourage you to apply even if you feel your skills don't perfectly align with those listed.

The salary range for this role is $71,500 to $107,300 annually. Base pay offered may vary depending on factors such as relevant qualifications, skills, previous experience, and internal equity. As part of our total rewards package, employees may also be eligible for our annual incentive program, subject to program eligibility requirements.

Posting Deadline: Posted until filled

A career at Vancity is more than just a job: you’re joining a tradition of change-makers who are creating lasting change for our communities. Beyond base pay, we offer a comprehensive total rewards package to ensure our employees are empowered to thrive:

We offer:

  • We are the largest private-sector Living Wage Employer in Canada and have been consistently recognized as one of the Top Employers in Canada.
  • Our permanent employees qualify for attractive benefit packages that can be customized and changed each year to meet their evolving needs.
  • New employees receive between three to four weeks of vacation allowance per calendar year, and the number of vacation days grows
  • In addition to the 10 statutory holidays in British Columbia, Vancity provides an additional three statutory holidays. We offer care days for periods of short-term personal illness or emergency family illness.
  • We have flex credits for our health care & dental benefits, which offer three levels of coverage for you to select from. These benefits will also be effective immediately based on your hire date.
  • We understand that retirement means different things to different people and at Vancity we will offer you a Defined benefits pension plan that pays you a retirement income for life.

At Vancity we’re committed to creating a welcoming and inclusive workplace to help our people and communities thrive and prosper. Diversity in our workforce is integral so that we can truly represent, understand and respond to our community needs and deliver on our member experience.

We are committed to providing an inclusive and accessible recruitment experience for all candidates. If you require any accommodations at any stage of the recruitment process, please reach out to our Talent Acquisition team at recruitment@vancity.com for confidential support. In-person assistance is also available. We will collaborate with you to ensure your needs are met promptly and effectively.

 


Tags: Audits Banking CISA CISM Compliance Computer Science CRISC Governance ISO 27001 NIST PIPEDA Risk assessment Risk management SOC SOC 1 SOC 2 Vendor management Vulnerabilities

Perks/benefits: Competitive pay Equity / stock options Health care Salary bonus

Region: North America
Country: Canada
