11 hours ago

Senior GRC Analyst

Travelopia

On Site
Full Time
CA$110,000
Toronto, ON

Job Overview

Job Title: Senior GRC Analyst
Job Type: Full Time
Offered Salary: CA$110,000
Location: Toronto, ON

Job Description

About Travelopia

We pride ourselves on being travel experts. Leading the way when it comes to providing unique travel experiences, our brands offer the world’s best polar expeditions, wildlife safaris, cultural tours, yachting adventures and more.

Our ambition is to build the world’s leading experiential travel company. With over 2500 colleagues from around 30 countries worldwide, we are working together to achieve this by sharing our knowledge, expertise and best practices to stay at the forefront of the travel industry.

As we continue to modernize our technology landscape and expand our use of cloud platforms, we’re looking for a Senior GRC Analyst to join our team! Reporting to the Head of Security Culture and Programmes, you’ll sit right at the heart of this change, helping the business move faster and smarter by managing risk in a way that enables progress rather than slowing it down.

This role offers real influence & impact. You’ll work at the intersection of technology, risk, and business, shaping decisions that matter and seeing the direct results of your work across our North American operations.

What we’ll offer:

  • 15 vacation days + 6 PTO days
  • Competitive salary
  • Birthdays Off
  • RRSP and DPSP Retirement Plan
  • Health and dental plans after 3 months of service

What you’ll do as a Senior GRC Analyst:

Governance, Risk & Compliance
  • Lead and deliver technology risk assessments across systems, services, and suppliers
  • Identify, assess, and track security, operational, and third-party risks, turning insights into clear remediation actions
  • Maintain and continuously improve GRC processes, controls, and documentation to support growth and regulatory expectations
Audits & Assurance
  • Coordinate and lead internal security audits across our North American businesses
  • Support audit readiness and follow-through, ensuring findings translate into meaningful improvements
Contracts & Third-Party Risk
  • Review contracts for security, data protection, and regulatory requirements
  • Partner with Legal, Procurement, and vendors to assess and reduce third-party risk
  • Contribute to the evolution of our global vendor risk assessment program
Program Ownership
  • Own and run GRC initiatives end-to-end, from planning through delivery
  • Manage priorities, dependencies, and risks across multiple initiatives
Executive & Stakeholder Engagement
  • Communicate risk posture, priorities, and trade-offs to senior leaders
  • Create clear, concise risk reports and dashboards for executive audiences

What you’ll bring:

  • Strong understanding of threat, vulnerability, and information security risk concepts
  • Working knowledge of security frameworks and standards such as NIST, CIS 18, ISO 27001, and PCI DSS
  • Familiarity with data privacy and regulatory frameworks, including GDPR
  • Proven experience working cross-functionally with senior stakeholders in business, legal, IT, and security
  • Ability to clearly explain security and risk topics to both technical and non-technical audiences
  • Cybersecurity or information security certifications are a plus
  • Ability to travel internationally as required for the role; candidates with unrestricted international travel eligibility (e.g., Canadian passport holders) are preferred due to business travel needs
  • Ability to attend the office in person at least twice per month, as required for collaboration and key business activities

Ready to apply?

If you’re excited about influencing security strategy, reducing risk at scale, and working with passionate people across the globe, we’d love to hear from you.

We believe people perform best when they can be their true selves and diverse teams drive better results. We’re committed to fostering a diverse, equitable, and inclusive environment where everyone can succeed.

Travelopia ensures an inclusive workplace for all. If you need accommodations during the recruitment process, please inform us here: Talent@Travelopia.com

Key skills/competency:

  • Risk Management
  • Information Security
  • GRC Processes
  • Security Audits
  • Compliance
  • Third-Party Risk
  • NIST
  • ISO 27001
  • GDPR
  • Stakeholder Management

How to Get Hired at Travelopia

  • Research Travelopia's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight GRC experience, security frameworks (NIST, ISO 27001), and stakeholder management.
  • Showcase risk management expertise: Emphasize your ability to balance progress with risk mitigation in interviews.
  • Prepare for technical and behavioral questions: Demonstrate knowledge of security standards and cross-functional collaboration skills.
  • Highlight international travel eligibility: If applicable, emphasize unrestricted international travel and Canadian passport.
