Governance, Risk & Compliance Analyst

Docebo

  • Toronto, ON
  • Permanent
  • Temps-plein
  • Il y a 17 jours
Artificial Intelligence. Actual Impact.At Docebo, AI isn't just a buzzword - it's how we help teams move faster, perform better, and focus on the work that actually matters. Our learning platform is built with smart, time-saving tools that personalize training, cut the busywork, and make learning feel like less of a chore (and more of a superpower).We're building the future of learning, and we're doing it with a team that loves to challenge the status quo. If you're excited by the idea of using AI to make work-life better for real people - not just in theory - you're in the right place.Still thinking it over? At Docebo, values aren't just posters on the wall - they show up in how we work every day. We lead with what we call the Docebo Heart: we trust each other, assume positive intent, and make space for the differences that make our team stronger.So… what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.About This Opportunity:The role of Docebo's Governance, Risk & Compliance Analyst II is crucial for developing, implementing, and maintaining the company's comprehensive security and compliance posture. This position balances the critical internal functions of governance and risk management with the external need to demonstrate the business value of a solid compliance program to prospects and customers.This role is essential for ensuring that Docebo adheres to a wide range of regulatory frameworks and maintains robust security measures. Collaborating with internal teams to build and enforce policies, they also work closely with Sales & Legal teams to effectively address customer compliance and security requirements. This role involves leading continuous improvement efforts in our control environment and staying current on emerging compliance regulations, security threats, and industry best practices.To be successful as a Governance, Risk & Compliance Analyst II, you need a proactive and structured approach to building and managing security and compliance programs. Strong, hands-on experience in developing security policies, conducting risk assessments, and managing audit cycles is crucial. Excellent analytical, problem-solving, and communication skills are essential, as you'll collaborate with various teams, external partners, and auditors.To enhance your effectiveness in this role, a Bachelor's degree in computer science, information security, or a related field is beneficial. Certifications such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP) can further strengthen your qualifications. Additionally, proficiency in GRC platforms (e.g., Drata, OneTrust) will support your success. \nResponsibilities:
  • Governance, Policy, and Control Management: Develop, maintain, and enhance cybersecurity and privacy policies, standards, and control frameworks to align with key industry regulations (e.g., PCI DSS, ISO 27001, SOC 2, ISO 42001) and business objectives.
  • Risk Management & Assessments: Conduct and coordinate comprehensive cybersecurity risk assessments across the organization to identify, evaluate, and prioritize risks. Develop, monitor, and track risk treatment and remediation plans, providing guidance to stakeholders on mitigation strategies.
  • Internal and External Audit Support: Lead and coordinate Docebo's activities for both internal and external audits (e.g., ISO 27001/42001, SOC 2, PCI DSS, SOX), including evidence collection, interfacing with auditors, and managing findings to ensure successful certification and compliance.
  • Customer Engagement and Response: Respond to customers' security and privacy related inquiries, compile comprehensive responses (mainly RFI, RFP, and RFQ), and address compliance questionnaires, ensuring timely and accurate information dissemination to actively support the sales process.
  • Vendor Risk Assessment and Monitoring: Support the evaluation of company third-party vendor-associated risks, monitor security controls, and maintain risk management reporting dashboards to mitigate risk and effectively qualify company suppliers; in collaboration with the GRC team.
  • Cross-functional collaboration: Collaborate across all company departments to embed security controls and align compliance, security, and privacy efforts with business objectives. Consult with departments to assess changes, advise on compliance obligations, and support the evolution of company compliance programs.
  • Documentation and Reporting: Maintain comprehensive documentation of compliance activities, including policies, risk assessments, and audit findings. Prepare detailed reports on the status of the GRC program for management and regulatory authorities.
Requirements:
  • Typically 4+ years of relevant work experience.
  • Working experience IT Risk Management, Governance, or a similar Information Security role.
  • Direct, hands-on experience developing security policies, conducting risk assessments, and managing internal/external audit cycles for a SaaS company.
  • Working knowledge of information security principles, trends, and best practices, specifically cloud environments and services (eg: AWS, Azure, GCloud).
  • Knowledge of GDPR requirements and other data privacy laws (eg: CCPA, PIPEDA).
  • Knowledge of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 9001, SOX, DORA, NIST CSF, and AICPA/ISAE 3000 SOC 2 & PCI DSS.
  • Knowledge of CFR21 Part 11.
  • FedRamp framework knowledge.
\nBenefits & Perks 😍-Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to you-Employee Share Purchase Plan-Career progression/internal mobility opportunities-Four employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors)-WeWork partnership and “Work from Anywhere” programHybrid Office Model 🏢We believe when people are together, they develop deeper relationships and accelerate innovation. Because of this, all Docebo employees worldwide are “hybrid.” We encourage in-person collaboration while supporting work-from-home when employees need dedicated focus time, allowing Docebians to do their best every day. Each team leader is able to decide how often their teams come into the office, considering the needs of the team and the employee's needs. Our Talent Acquisition team will let you know about the role you are applying for and the hybrid details during the first interview.About Docebo 💙Here at Docebo, we power learning experiences for over 3000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop. We have successfully achieved 2 IPOs ( ), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.Docebo is a global company with offices in North America, EMEA, APAC and more. Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact. If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market. Apply today!Docebo is an Equal Employment Opportunity employer. We are committed to diversity and inclusion in our workforce. All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations(at) docebo.com. The e-mail should include a description of the requested accommodation and the position you're applying for or interested in.

Docebo