Print / Save PDF Back to job

Senior GRC Analyst

Benevity · Canada

How to use this kit

Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.

Interview prep

Be ready to walk through a control failure you investigated, how you evidence continuous compliance for SaaS, and how you’d prioritize risks for a donation/volunteer platform serving Fortune-scale customers. Know Benevity’s product surface at a high level.

Fit summary

Strong fit if you already own GRC work end-to-end and care about trust in social-impact software. Thin location detail and no pay data mean you should clarify Canada work arrangement, team scope, and frameworks in use early.

Day in the role

As a Senior GRC Analyst at Benevity, expect to assess control design and evidence for a SaaS platform that handles donor, volunteer, and grant data for large brands. Typical work: risk assessments, policy and control mapping, vendor/third-party reviews, audit readiness, and partnering with security, legal, and product on residual risk—grounded in enterprise trust for CSR systems.

Skills to emphasize

Prioritize risk frameworks (e.g., ISO 27001, SOC 2-style control thinking), policy writing, control testing, and clear stakeholder communication. No certified training catalog was supplied for this listing.

FAQ from this listing

What does Benevity sell?

Enterprise platforms for charitable giving, volunteering, and grants, used by large brands and many Fortune 1000 firms historically.

Where is this role based?

The listing says Canada only; city, remote, and hybrid details are not in the provided data.

Is salary listed?

No compensation figures were provided for this role, so none are stated here.

Company facts (cached)

Website: benevity.com

Benevity is a Calgary-based company that provides charitable donation-management, volunteer-management and grant-management platforms. Benevity is one of Western Canada's largest startups. Its customers include Nike, Coca-Cola, Microsoft, Google, and Apple, and about 250 of the Fortune 1000 as of 2017.

Public cache only — not an employee review.

Role overview (listing rewrite)

Benevity is hiring a Senior GRC Analyst in Canada to strengthen how we govern security, risk, privacy, and regulatory compliance across a fast-moving SaaS environment. This full-time role puts you at the center of building trust with the clients, partners, and stakeholders who rely on Benevity every day. About the Role As Benevity's Senior Governance, Risk & Compliance (GRC) Analyst, you will own the day-to-day execution and ongoing maturation of our GRC program. You'll lead compliance and audit activities, run risk assessments, support third-party risk management, answer client due diligence requests, and help meet FINTRAC/AML obligations. Acting as a cross-team advisor, you'll shape policies and controls, keep Benevity aligned with leading frameworks and privacy laws, and champion a culture rooted in security and accountability. Key Responsibilities Help build and maintain security and privacy policies and control frameworks mapped to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations. Manage policy approvals, exceptions, and attestations while pursuing automation and process improvements. Plan and carry out enterprise risk assessments, maintain the risk register, and drive remediation and treatment planning. Advance the Third-Party Risk Management (TPRM) program through vendor onboarding reviews and ongoing monitoring. Lead audit readiness for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and beyond, coordinating evidence and auditor engagement. Respond to customer security questionnaires, RFPs, and TPRM requests in partnership with sales and client success teams. Support cross-jurisdictional privacy work (GDPR, PIPEDA, CCPA/CPRA) and FINTRAC AML/ATF reporting, monitoring regulatory change. Deliver dashboards and executive reporting, run the Security Awareness & Training program, and mentor junior team members. Qualifications 5+ years across cybersecurity, governance, risk, compliance, or privacy, ideally in SaaS or high-growth settings. Solid command of ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and CCPA/CPRA. Hands-on use of GRC tooling such as OneTrust, Hyperproof, SecurityPal, AuditBoard, or Drata. A track record running risk assessments, TPRM, risk registers, and client due diligence (questionnaires, RFPs). Clear communication with technical and non-technical audiences, plus strong project management skills. Interest in applying automation and AI to GRC; CISM, CRISC, CISSP, CISA, or CIPM/CIPP certifications…

Full job on Get A Job.AI

Questions to ask them

Generated for personal interview prep · 2026-07-15 UTC · getajob.ai