Work Location
Edmonton Corporate Office
About SNDL
SNDL is the largest private sector liquor and cannabis retailer in Canada with retail banners that include Ace Liquor, Wine and Beyond, Liquor Depot, Value Buds, and Spiritleaf. As a licensed cannabis producer, SNDL also has indoor state-of-the-art grow-op facilities to supply wholesale and retail customers under a cannabis brand portfolio that includes Top Leaf, Sundial, Palmetto, Spiritleaf Selects, and Grasslands. SNDL's investment portfolio seeks to deploy strategic capital through direct and indirect investments and partnerships throughout the global cannabis industry.
About the Role
SNDL is seeking an experienced Senior Technology Governance, Risk, and Compliance (GRC) Analyst to support the organization’s Business Technology (BT) compliance and risk management initiatives, with a strong emphasis on Sarbanes-Oxley (SOX). This role is ideal for compliance professionals with 3 to 5 years of experience who are looking to deepen their expertise in a regulated environment while contributing to the development and execution of enterprise-wide IT GRC programs.
The successful candidate will work closely with stakeholders across BT, Finance, HR, Internal Audit and other related business units to help safeguard the organization’s information assets while ensuring consistent adherence to regulatory standards.
Primary Responsibilities
- Review and ensure that the organization’s processes, policies, and procedures meet legal and regulatory standards such as PCI DSS and Sarbanes-Oxley (SOX).
- Lead internal stakeholder education and communication initiatives pertaining to internal control policies.
- Interpret compliance guidelines to ensure that SNDL BT systems and technologies are both secure and optimized for compliance.
- Serve as a point of contact for BT-related audits, including external (PCI DSS, SOX, etc.) as well as applicable internal audits.
- Prepare evidence required for audits; thereafter, track related findings and manage the remediation of any issues identified.
- Collaborate with various departments to identify and resolve compliance issues.
- Conduct risk assessments, monitor compliance issues, and recommend solutions to maintain compliance.
- Assist with developing BT policies and procedures.
- Assess and report on the design and operating effectiveness of entity controls, ITGCs, application controls and business process controls.
- Maintain accurate program documentation, from scoping and control documentation to testing evidence and risk assessment.
- Promote a culture of compliance and risk awareness across corporate and business segment teams.
- Other duties as assigned by BT GRC management.
Requirements
- Bachelor’s degree in Computer Science, Business, Information Systems, Accounting, Information Technology or a related field.
- 3 to 5 years of experience in Internal Controls, IT Compliance, IT Audit, Technology risk, or Information Security for a mid- to large-sized organization.
- Relevant certifications such as CISA, CISSP, CRISC, PCI, CISM and/or CGEIT are preferred.
- Technical knowledge of IT GRC best practices, frameworks, regulatory requirements and laws (e.g. COBIT, COSO, SOC 2, PCI DSS, SOX, ITIL, NIST, ISO).
- Experience in conducting risk assessments and monitoring compliance issues.
- Strong analytical and problem-solving ability, with an aptitude for “connecting the dots” across the technology and compliance domains.
- Effective communication skills, with the ability to present ideas to technical as well as non-technical audiences.
- Ability to work independently and collaboratively in a fast-paced environment.
- Strong process improvement mindset with a keen attention to detail.
- Good knowledge of ERP Systems (Microsoft D365 and/or Business Central) and collaboration platforms such as SharePoint. Experience using a GRC/audit tool is a bonus.
- Curious, enthusiastic, and possessing a strong passion for technology.
As a valued member of the SNDL team, you will enjoy:
- Competitive total compensation and incentives.
- An extended benefits package including medical, health spending account and dental.
- An entrepreneurial and innovative environment that fosters growth and continuous learning.
We are grateful for the interest in this role from all candidates; however, we will be contacting only those who are selected for next steps in the hiring process.
Our Commitment to Diversity & Inclusion:
SNDL is an equal opportunity employer. We are committed to building a welcoming, inclusive, diverse, and safe workplace where all our team members have equal opportunity to succeed. We know this begins with recruitment. To honor our commitment, SNDL encourages applications from individuals of all backgrounds, sexual orientations, gender identities, ancestries, ages and abilities.