GCR and Business Continuity Analyst - #196453

We are seeking a Governance, Risk & Compliance and Business Continuity Analyst to support the continued development and maturity of enterprise security programs. This role is ideal for a security-focused professional with broad experience in governance, risk management, compliance, and business continuity planning. The successful candidate will bring a well-rounded understanding of cybersecurity principles and practices, strong documentation and policy development skills, and the ability to support audits, training, and regulatory readiness across a dynamic security environment. This is a strategic position within a growing security team tasked with protecting both corporate IT and industrial infrastructure.

Responsibilities

· Develop, maintain, and enhance security governance frameworks, policies, standards, and procedures.

· Conduct risk assessments and third-party vendor security reviews, identifying gaps and tracking mitigation efforts.

· Monitor compliance with internal controls, industry standards, and regulatory requirements across both IT and operational environments.

· Support business continuity and disaster recovery program activities, including documentation, testing, and stakeholder engagement.

· Facilitate threat and risk assessments to proactively identify vulnerabilities and assess potential impact.

· Coordinate and support internal and external audits, providing evidence, documentation, and status reports.

· Document, track, and manage risk items and exceptions through formal GRC tools or platforms.

· Recommend improvements to security processes and procedures based on current industry best practices and trends.

· Provide security-related input on change management processes, ensuring alignment with compliance requirements.

· Contribute to awareness and training programs to promote a culture of security across the organization

Qualifications:

· Minimum 8+ years of progressive experience in security governance, risk management, compliance, and business continuity across mid-to-large-scale enterprise environments.

· At least 3 years of recent, hands-on experience working directly within a security team supporting IT and/or OT infrastructure.

· Proven track record developing and maintaining governance frameworks, security policies, and enterprise-wide compliance programs.

· Strong familiarity with regulatory standards and security frameworks (e.g., NIST, ISO 27001, CIS Controls).

· Demonstrated experience conducting enterprise risk assessments and third-party vendor reviews, with clear documentation and remediation tracking.

· Experience supporting internal and external audits, managing evidence collection, and coordinating stakeholder responses.

· Proficiency with risk management methodologies and GRC tools for documenting, prioritizing, and monitoring risks.

· Security certification required: CISSP, CISM, or CISA.

· Asset: Experience in ICS/SCADA environments or hybrid IT/OT security operations.

Affinity Earn:

Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/

About Affinity:

Affinity Group is a technology and business consulting and services company. We believe in creating long term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.

For more information on Affinity, please visit www.affinity-group.ca

Job Number: 12343