Security Governance, Risk & Compliance Analyst (IT Security Analyst IV)

As an equal opportunity employer, we are looking to build a diverse workforce that reflects the diversity of our clients and the customers we serve. Learn more about working for WCB at Careers - WCB Alberta

Job Title:

Security Governance, Risk & Compliance Analyst (IT Security Analyst IV)

Job Type:

Permanent / Full time

Job Location:

Edmonton, Alberta

Security Governance, Risk and Compliance Analyst (IT Security Analyst IV)
Business Technology Services

Architecture, Data & Cyber Security - Edmonton / Calgary, AB

Permanent, Full Time

Why WCB-Alberta?

We are a team that cares. Over 2,000 people, in four offices located in Edmonton and Calgary, each with unique skill, expertise and perspective that supports our core areas of business. Regardless of specialty, we are a team connected by a shared purpose and value.

As the independent operator and administrator of the province’s Workers’ Compensation Act, we come to work each day committed to over two million workers and over 170,000 Alberta employers. We are inspired by making a positive impact on the lives and businesses that have been impacted by workplace injuries.

The WCB Alberta is currently on a multiyear journey to modernize and optimize our technology ecosystem that will achieve our strategic objectives and bolster innovation with a view into the future.  As the trusted technology partner, essential to the fulfillment of WCB’s strategic objectives, the Business Technology Services (BTS) division works collaboratively and creatively with our partners, to provide secure, innovative technology and data solutions that position WCB Alberta as an industry leader in Worker’s Compensation.

In securing WCB’s critical technical infrastructure, you will work to provide leadership and technical expertise with a business-oriented focus to ensure that we are able to maintain a secure posture and anticipate threats to our computing systems and data before they happen. 

Your primary responsibilities relate to the maintenance of the governance, risk, and compliance components of the organization. You will be responsible for maintaining our control framework compliance and will recommend, develop, and document appropriate information security controls/policies, procedures, standards, and guidelines. You will conduct and document threat and risk assessments and assist in the delivery of the ongoing compliance assessments.

Your Security Governance, Risk and Compliance Analyst responsibilities:

• Use the CIS and NIST Cybersecurity frameworks to assess our current level of maturity, and work with staff to strategically improve upon those levels.
• Aid in the development of a Cybersecurity risk management program, including threat assessment and reporting, to ensure risks are appropriately managed and reported to management and other stakeholders.
• Develop governance and recommendations on new security standards, guidelines, and processes to support WCB business systems and data, and monitor for implementation and process review.
• Defining security policies, standards and guidelines to improve the efficiency and effectiveness of adoption of best practices through a comprehensive set of published documents.
• Coordination of audit recommendations to address recommendations and observations.
• Assist the vulnerability management program by documenting and tracking residual vulnerability risks on information assets.
• Consult with business units to help define and implement security solutions for project-based work.
• Educate, coach, and lead junior staff.

Your experience and skills:

• Graduate from a recognized university or institute of technology in Information Security, Risk Management, or a related field.
• Minimum of 4 years’ experience in Security GRC, IT audit or IT based risk management.
• Experience in IT governance, risk assessment, compliance auditing, and security controls for enterprise infrastructure, applications, and databases.
• Preference for those with an IT Security or Audit professional certification. (CISSP, CISA, CRISC, etc.)
• Strong business writing, interpersonal and communication skills, as well as excellent customer service skills are essential.
• Ability to innovate, bring forward new ideas and make concepts a reality.
• Ability to manage multiple ongoing activities on a regular basis.
• Ability to learn and adapt to new technology quickly.
• Thorough knowledge and understanding of the following technologies/concepts:
• CIS and NIST
• Risk management
• COBIT/COSO
• Risk Assessment and Management Software (RSA Archer, ServiceNow, Ivanti GRC)
• Third Party Risk Management
• Vulnerability and Patch Management
• Compliance and Audit tools

We offer a competitive salary, a comprehensive benefits package, flexible work schedules and hybrid work opportunities that foster a healthy work-life balance. You’ll work with supportive leaders and skilled professionals in a caring and collaborative work environment. For more information, please see our Employee Handbook, available on our website.

Salary:              $89,984 to $105,848 per annum (Pay Grade 12)

We are committed to providing equal opportunity to all qualified persons, without regard to race, colour, religion or national origin, gender (or gender identity or expression), age, sexual orientation, physical or mental disability.  Equal opportunity is provided in employment, promotions and wages.

Final candidates for this position are required to undergo a security clearance as a condition of employment. Candidates must reside in Alberta to be considered.

Please apply online by submitting a cover letter and resume above.

Posting Date:  March 24, 2025

Closing Date:  April 7, 2025

We thank all applicants for their interest; however, only candidates under consideration will be contacted.