We pride ourselves on being travel experts. Leading the way when it comes to providing unique travel experiences, our brands offer the world’s best polar expeditions, wildlife safaris, cultural tours, yachting adventures and more.

Our ambition is to build the world’s leading experiential travel company. With over 2500 colleagues from around 30 countries worldwide, we are working together to achieve this by sharing our knowledge, expertise and best practices to stay at the forefront of the travel industry.

As we continue to modernize our technology landscape and expand our use of cloud platforms, we’re looking for a SeniorGRC Analyst to join our team! Reporting to the Head of Security Culture and Programmes, you’ll sit right at the heart of this change, helping the business move faster and smarter by managing risk in a way that enables progress rather than slowing it down.

This role offers real influence & impact. You’ll work at the intersection of technology, risk, and business, shaping decisions that matter and seeing the direct results of your work across our North American operations

What we’ll offer:

• 15 vacation days + 6 PTO days
• Competitive salary
• Birthdays Off
• RRSP and DPSP Retirement Plan
• Health and dental plans after 3 months of service

What you’ll do:

Governance, Risk & Compliance

• Lead and deliver technology risk assessments across systems, services, and suppliers
• Identify, assess, and track security, operational, and third-party risks, turning insights into clear remediation actions
• Maintain and continuously improve GRC processes, controls, and documentation to support growth and regulatory expectations

Audits & Assurance

• Coordinate and lead internal security audits across our North American businesses
• Support audit readiness and follow-through, ensuring findings translate into meaningful improvements

Contracts & Third-Party Risk

• Review contracts for security, data protection, and regulatory requirements
• Partner with Legal, Procurement, and vendors to assess and reduce third-party risk
• Contribute to the evolution of our global vendor risk assessment program

Program Ownership

• Own and run GRC initiatives end-to-end, from planning through delivery
• Manage priorities, dependencies, and risks across multiple initiatives

Executive & Stakeholder Engagement

• Communicate risk posture, priorities, and trade-offs to senior leaders
• Create clear, concise risk reports and dashboards for executive audiences

What you’ll bring:

• Strong understanding of threat, vulnerability, and information security risk concepts
• Working knowledge of security frameworks and standards such as NIST, CIS 18, ISO 27001, and PCI DSS
• Familiarity with data privacy and regulatory frameworks, including GDPR
• Proven experience working cross-functionally with senior stakeholders in business, legal, IT, and security
• Ability to clearly explain security and risk topics to both technical and non-technical audiences
• Cybersecurity or information security certifications are a plus
• Ability to travel internationally as required for the role; candidates with unrestricted international travel eligibility (e.g., Canadian passport holders) are preferred due to business travel needs
• Ability to attend the office in person at least twice per month, as required for collaboration and key business activities

Ready to apply?

If you’re excited about influencing security strategy, reducing risk at scale, and working with passionate people across the globe, we’d love to hear from you.

We believe people perform best when they can be their true selves and diverse teams drive better results. We’re committed to fostering a diverse, equitable, and inclusive environment where everyone can succeed.

Travelopia ensures an inclusive workplace for all. If you need accommodations during the recruitment process, please inform us here: Talent@Travelopia.com

#LI-CA1 #LI-HYBRID