
Cybersecurity Analyst, Governance, Risk, and Compliance (GRC)

Export Development Canada | Exportation et développement Canada

On Site
Full Time
CA$100,000
Toronto, ON

Job Overview

Job Title: Cybersecurity Analyst, Governance, Risk, and Compliance (GRC)
Job Type: Full Time
Offered Salary: CA$100,000
Location: Toronto, ON

Job Description

Cybersecurity Analyst, Governance, Risk, and Compliance (GRC) at Export Development Canada

Join the EDC Team!

At EDC, we support Canadian businesses to succeed globally. We provide the financial tools and expertise they need to explore new markets and reduce risks, all towards the goal of making Canada and the world better through trade.

About Export Development Canada

At Export Development Canada (EDC), we empower Canadian businesses to succeed globally. As a financial Crown corporation, we offer innovative financial solutions and expert insights to help businesses explore new markets, mitigate risks, and achieve growth.

Why Join EDC?

  • Comprehensive Benefits: EDC offers a competitive compensation & benefits package, work-life balance, & the opportunity to help make Canada and the world better through trade.
  • Work-Life Balance: EDC offers a competitive compensation package & work-life balance. We have hybrid work options, 3 to 4 weeks paid vacation, a corporate closure period, summer early Fridays & no-meeting Fridays.
  • Professional Development: Take advantage of our continuous learning opportunities, including training programs, workshops and language training.
  • Inclusive Culture: Be part of a diverse and inclusive workplace that champions employment equity & values diversity of ideas, strengths, & backgrounds to succeed.
  • Wellness Programs: Access to wellness initiatives, mental health support, and fitness programs to keep you healthy and happy.
  • Community Engagement: Participate in volunteer opportunities and give back to the community through our various social responsibility programs.

Team Overview

The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences. This is your opportunity to join a cybersecurity team with a business-first mindset. You will be part of a growing team of cybersecurity professionals that value transparent communication, collaboration with various internal and external stakeholders, and support innovation while being equally committed to achieving information security risk targets and delivering on the planned security program obligations.

The Cybersecurity Analyst, Governance, Risk, and Compliance (GRC) supports the execution and operational delivery of cybersecurity governance, risk management and compliance activities applying industry recognized frameworks. This role contributes to maintaining EDC’s cybersecurity posture by supporting risk assessments, evidence collection, metrics and reporting, and lifecycle management of standards and guidelines, in collaboration with cross-functional teams.

What You Will Be Doing

  • Governance Development: Support the maintenance of cybersecurity governance frameworks, policies, standards and guidelines, including updates, version control, and evidence maintenance under direction of senior team members.
  • Risk Management: Provide EDC operational support to risk assessment managed services, ensuring access to EDC-managed tools and repositories.
  • Capability Maturity Assessments: Coordinate and drive cybersecurity capability and maturity assessments aligned with Capability Maturity Model Integration (CMMI), including evidence collection, gap identification, and progress tracking.
  • Compliance Monitoring: Assist in tracking compliance to internal cybersecurity policies and standards by supporting exception intake, maintaining logs, and following up on action items.
  • Audit & Assessment Support: Support audits and assessments by preparing and organizing documentation and evidence packages; coordinate inputs and maintain response trackers.
  • Metrics & Reporting: Collect, validate, and maintain cybersecurity governance and risk metrics; support dashboard creation and recurring reporting packs (e.g., Power BI) for oversight forums.
  • Cross Functional Collaboration: Collaborate with Cybersecurity teams, IT, and business partners to support delivery of governance, risk, compliance, and reporting activities.
  • Teamwork: Organize and prioritize assigned work within defined processes; escalate risks, blockers, and dependencies to senior team members as required.
  • Standards & Guidelines: Coordinate periodic reviews of standards, guidelines, and procedures by collecting feedback, proposing updates, and maintaining publication artifacts for approval by senior owners.
  • Knowledge & Content Management: Maintain Cyber Security SharePoint content, ensuring accuracy, relevance, and removal of obsolete or unauthorized information from front facing views.
  • Technology Enablement: Leverage GRC tools, platforms, and reporting solutions (e.g., Power BI) to support efficient execution of GRC processes and metrics automation.
  • Vendor Management: Support cyber security third party risk management activities by administering questionnaires, validating evidence completeness, tracking remediation actions, and escalating higher-risk issues for senior review.

What We Are Looking For

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Minimum 5 years of experience in Cybersecurity with a focus on Third Party Risk Management (TPRM) and GRC operational tasks.
  • Good understanding and working knowledge of cybersecurity frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, ISO 27002) and the ability to apply them within defined procedures and assessments.
  • Hands-on experience supporting one or more of: third-party risk activities, evidence collection for audits/assessments, compliance tracking, maturity assessments, or risk reporting, under established methodologies and guidance.
  • Demonstrated ability to execute structured, recurring GRC activities, track evidence and documentation, track action items, and meet delivery timelines.
  • Experience working with metrics, dashboards, or reporting (e.g., Excel/Power BI), including data validation and maintenance of reporting inputs.

What Will Make You Stand Out

  • Experience supporting Cyber Third‑Party Risk Management (TPRM) workflows end‑to‑end (questionnaire administration, evidence validation, remediation tracking) in a high‑volume environment.
  • Hands‑on experience with GRC tools, risk registers, SharePoint, or governance and compliance repositories.
  • Hands‑on experience creating or improving Power BI dashboards and automated reporting for risk/register metrics (data quality, remediation status, trends).
  • Exposure to Capability Maturity Model Integration (CMMI) or other maturity, assurance, or control‑based assessment frameworks in a support or coordination role.
  • A structured, detail‑oriented approach with a strong service mindset, curiosity to learn, and interest in building a long‑term career in Cyber Governance, Risk and Compliance.
  • Progress toward, or completion of, relevant certifications such as ISO 27001 Foundation, Security+, or other cybersecurity credentials.
  • Bilingual in both official languages (English and French).

Key skills/competency

  • Cybersecurity GRC
  • Risk Management
  • Compliance Monitoring
  • NIST CSF
  • ISO 27001
  • Third-Party Risk Management
  • Power BI
  • Security Assessments
  • Governance Frameworks
  • Data Validation

Tags:

Cybersecurity Analyst
Governance
Risk Management
Compliance
Audit Support
Metrics Reporting
Third-Party Risk
Policy Development
Frameworks
Assessments
Data Validation
GRC Tools
Power BI
SharePoint
Excel
NIST CSF
ISO 27001
CMMI
Security+
Vendor Management

How to Get Hired at Export Development Canada | Exportation et développement Canada

  • Research Export Development Canada's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume for GRC expertise: Highlight experience in cybersecurity governance, risk management, and compliance, aligning with EDC's requirements.
  • Showcase relevant experience: Emphasize hands-on work with frameworks like NIST CSF or ISO 27001, third-party risk management, and data reporting.
  • Prepare for competency-based interviews: Practice discussing specific examples of problem-solving, collaboration, and applying GRC principles in past roles.
  • Demonstrate commitment to continuous learning: Mention relevant certifications or your interest in pursuing them, like ISO 27001 Foundation or Security+.
