Analyst II, Security GRC
The Opportunity
As an Analyst II, Governance, Risk & Compliance (GRC), you will support the Information Security team in maintaining compliance, managing risk, and strengthening Moneris's security posture. This role offers exposure to industry‑standard security frameworks including Payment Card Industry Data Security Standard (PCI DSS), National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, and SOC 2. You will contribute to control testing, audit readiness, and risk assessments in a regulated environment where compliance and data security are critical.
Working alongside senior analysts, you’ll build hands‑on experience with governance processes, third‑party risk, and compliance tooling while supporting initiatives that directly impact enterprise security and operational resilience.
- Location: Toronto (Hybrid)
- Reporting Relationship: Senior Manager, GRC
- Posting Type: Replacement Role
- Salary Range: $66,000 - $93,000 (base). Total compensation may also include variable or discretionary incentive components.
- Support administration and tracking of compliance controls across PCI DSS, ISO 27001, NIST CSF, and SOC 2.
- Collect, validate, and maintain audit evidence for regulatory and internal assessments.
- Assist in risk assessments, control testing, and remediation tracking.
- Maintain and update security policies, standards, and control documentation.
- Update and manage risk and compliance data within GRC platforms (e.g., MetricStream).
- Support third‑party and vendor risk assessments, including documentation and evidence review.
- Prepare reports, metrics, and dashboards for stakeholders and leadership.
- Participate in security awareness and compliance training initiatives.
- 2+ years of experience in information security, compliance, risk management, or IT audit.
- Foundational knowledge of security frameworks (PCI DSS, NIST CSF, ISO 27001, SOC 2).
- Experience supporting audits, security assessments, or control testing.
- Experience working with or exposure to GRC tools (e.g., MetricStream).
- Strong analytical skills with the ability to identify trends and summarize findings.
- Strong attention to detail and experience managing documentation and evidence.
- Bachelor’s degree in Information Security, IT, Risk Management, or related field.
- Industry certifications (e.g., Security+, CISA, CRISC Fundamentals, CISSP – Associate level).
- Experience with third‑party risk or vendor assessments.
- Exposure to regulated industries (e.g., payments, financial services).
We welcome and encourage applications from Indigenous peoples, people of colour, people with disabilities, people of all genders, sexual orientation and intersectional identities. We recognize that people from equity‑deserving groups (including racialized individuals, women, gender diverse individuals, individuals with disabilities, neurodivergent individuals, members of 2SLGBTQIA+ communities and those born outside of Canada) are less likely to apply for jobs unless they feel they meet all the requirements posted. At Moneris, we believe candidates bring experience to their work in many ways. We encourage you to apply and share, in the application form, the transferrable experience you bring, and how this will support your success in this role.