Docebo

Governance, Risk & Compliance Analyst

full-time

Origin: Canada

Job Level

Mid-Level, Senior

Tech Stack

AWS, Azure, Cloud, Cyber Security

About the role

  • Develop, maintain, and enhance cybersecurity and privacy policies, standards, and control frameworks to align with key industry regulations (PCI DSS, ISO 27001, SOC 2, ISO 42001) and business objectives.
  • Risk management across the organization: conduct cybersecurity risk assessments, develop remediation plans, and guide stakeholders on mitigation strategies.
  • Lead internal and external audits (ISO 27001/42001, SOC 2, PCI DSS, SOX); manage evidence collection and auditor findings.
  • Engage with customers: respond to security/privacy inquiries and provide comprehensive responses (RFI/RFP/RFQ) to support sales.
  • Vendor risk assessment and monitoring; maintain risk dashboards in collaboration with GRC team.
  • Cross-functional collaboration to embed security controls and align compliance with business objectives.
  • Maintain documentation and reporting of compliance activities and audit findings for management and authorities.

Requirements

  • Typically 4+ years of relevant work experience.
  • Working experience in IT Risk Management, Governance, or a similar Information Security role.
  • Direct, hands-on experience developing security policies, conducting risk assessments, and managing internal/external audit cycles for a SaaS company.
  • Working knowledge of information security principles, trends, and best practices, specifically for cloud environments and services (e.g. AWS, Azure, GCloud).
  • Knowledge of GDPR requirements and other data privacy laws (e.g. CCPA, PIPEDA).
  • Knowledge of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 9001, SOX, DORA, NIST CSF, and AICPA/ISAE 3000 SOC 2 & PCI DSS.
  • Knowledge of 21 CFR Part 11.
  • FedRAMP framework knowledge.