Senior Governance, Risk and Compliance Analyst
Top Benefits
About the role
Who you are
- Bachelor’s degree in computer science, technology management, or related technical or management field
- You have the ability to be a self-starter and have agency to own the risk and compliance roadmap
- You have excellent communication skills – this is required in order to ensure that you can communicate what the risk posture of the organization is relative to your analysis of vulnerabilities and risk
- You have experience with PCI DSS, SOC2 Type II, and NIST 800-53/NIST CSF
- Hands-on experience with AWS Security Hub, GuardDuty, Inspector, CloudTrail, Config, SCPs, and other AWS native technologies
- Experience leading audits and working with regulators
- Experience building your own automations and scripts to pull data and automate evidence retrieval
- You have the ability to work cross-functionally. This is a role where soft skills are important for building partnerships within and outside KOHO and for communicating risk back to the organization in a clear and concise manner
- Preferred: Familiar with OSFI guidelines (B-10 and B-13) and RPAA (Retail Payment Activities Act)
- Preferred: You either possess or are working towards a CISSP
What the job involves
- We’re looking for a Senior Governance, Risk and Compliance (GRC) Analyst to join our team in a remote role based in Canada
- Reporting to our Senior Manager, Product Security, you’re going to be a part of a team that does…
- Building up and establishing a risk and compliance program with a maniacal focus on automation and repeatability, specifically for PCI DSS and SOC 2, Type 2. The successful candidate will be responsible for obtaining and preparing evidence packages for submission to auditors while building the program
- Building up and/or establishing a third party cybersecurity risk management program, vulnerability management program, and phishing program
- Work with engineers and developers to triage vulnerabilities, assign risk, and prioritize fixes
- Working with our internal and external partners to identify cybersecurity risks, conduct assessments of those risks, and manage the ongoing risk posture
- Create, maintain and communicate information security policies, standards, and procedures across the organization
- Advising security leadership on risk management strategies, including risk mitigation, risk reduction, compensating controls, and residual risk analysis
- Working with our People and Culture team to ensure that all KOHOnians have a good baseline for security awareness
- Support broader tech compliance requirements as they relate to RPAA, Mastercard, OSFI, and more
Benefits
- Stock options
- Semi-annual merit increases
- Holiday bonus
- Work from anywhere
- Generous PTO
- Health & Lifestyle spending accounts
- $1000 remote office setup budget
- $5000 referral bonus
- Free KOHO Premium account
- In-house coaching program
- $2000 annual training allowance
- Approachable leadership
- Bias towards action
About KOHO
KOHO is one seamless platform for your money and life. Founded in 2014, we are a forward-thinking fintech company dedicated to financially empowering a generation of Canadians. With a Mastercard and innovative tools, we provide our users with the ability to earn, spend, borrow, build credit, and budget—all in one convenient app.
Driven by a genuine desire to help people make financial progress, KOHO has touched the lives of over 1.7 million users. Our mission is to make finance accessible, engaging, and user-friendly, ensuring that everyone has the resources they need to take control of their financial future.
We’re proud to offer a product that our users love, and we remain committed to innovating and evolving to meet their needs. Join us on this journey as we reshape personal finance in Canada.