GRC - Information Security Analyst

Governance, Risk, and Compliance (GRC) Outline

GRC is a framework of practices and processes used by organizations to ensure they are meeting their objectives effectively, managing risks appropriately, and complying with legal and regulatory requirements. It involves governance, risk management, and compliance. GRC is managed through policies, procedures, and technology tools to ensure compliance and manage risk effectively.

Note: Please send your resume via email to [email protected] no later than March 8, 2023.


  • Strong verbal/written communication and interpersonal skills.
  • Familiarity with industry-relevant guidelines, standards, and frameworks.
  • Willingness to learn new technologies.
  • Bachelor’s degree in Computer Science, Information Technology, Information Systems, or a related field, OR a CA degree with industry-relevant IT knowledge.
  • Well versed in networking and security devices.
  • Familiar with the existing vulnerabilities on the web, networks, servers, and mobile applications.
  • Familiar with different tools and techniques used for vulnerability scans.


  • Good IT controls testing experience, with some IS audit experience preferable.
  • Good knowledge and understanding of IT controls testing practices, internal control frameworks and risk management activities; and skill in applying internal controls testing principles and practices.
  • Knowledge of databases and Active Directory.
  • Some knowledge of internal audit practices and methodologies.
  • A demonstrable track record of developing successful relationships across the business.
  • Good knowledge and experience of information systems and related processes.
  • A focus on continued improvement and achieving high standards.

Internship Takeaway

  • Understand and drive adherence to internal security policies and procedures by examining records, reports, operating practices, and documentation.
  • Support the execution of information security, internal audits, external audits, and compliance reviews (e.g., NRB, CSP, PCI-DSS, ISO).
  • Complete reports and documents that clearly articulate the test methodology and steps taken, including the IT controls testing and findings.
  • Use security monitoring and assessment tools.
  • Stay updated on regulation and compliance changes and create awareness.
  • Act as a liaison and engage with auditees and control owners regularly to track progress against audit actions and controls in remediation.
  • Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
  • Actively promote continuous improvement across the company.
  • Conduct vulnerability assessments and analysis of the client’s environment using both automated tools and manual techniques.
  • Analyze vulnerability test reports and suggest a remediation/mitigation plan.