ServiceNow GRC Business Analyst, Senior Associate (Canada)

As Senior Associate, you will help assess, design, and deploy RSM’s GRC program and technology implementation products across a range of industries and geographic locations.

Examples of candidate responsibilities include the following areas:

• Developing strong working relationships with clients built on understanding their businesses and challenges
• Work across multiple client account teams within a wide variety of industries.
• Managing multiple team engagements simultaneously, including several pieces of any assignment—not just a single area of focus
• Working in a mutually respectful team environment helps our associates perform at their best and integrate their career with their personal life
• Business analysis and requirements gathering to include:
  • Stakeholder Management – Engaging with business, IT, security, and compliance teams.
  • Requirement Elicitation – Identifying business needs, security policies, and user access requirements.
  • Process Mapping – Documenting current vs. future state workflows.
  • Use Case Development – Defining user roles, access levels, and authentication scenarios.
  • Roadmap Development- Building out multi-stage, multi-year plan for the rollout of new cybersecurity capabilities.
  • Project Planning – Detail out the activities, duration, and dependencies for a complex solution deployment as well as ability to track status and escalate risks and issues.

• Experience working in security operations or compliance operations environments.
• Working to evaluate cybersecurity requirements and design and/or operate controls to address these requirements

Basic Qualifications:

Role Specific Qualifications

• 3-6 years of experience:
  • Building, leading and developing high performing teams
  • Mentoring and influencing others both internally and within client organizations
  • Managing client work and drive client communications with little or no oversight from RSM Senior Leadership
  • Managing budgets and resource allocation including, but not limited to program and project management
  • Implementations with leading ServiceNow IRM and/or SecOps solutions
  • GRC solution testing strategies and methods (user acceptance testing, integration testing, performance testing, high availability/failover testing)
  • Develop business requirements, fit gap analysis, design and build documentation, and solution roadmapping
  • Performing project management activities including project plan development, status management as well risk, issue, action item and decision management
• ServiceNow Certification: Certified System Administrator (CSA) (preferred) and one of other specialized certifications like Certified Implementation Specialist (CIS) in Security Operations (SecOps), Vendor Risk Management (VRM), and IRM (Integrated Risk Management)
• Technical background in computer science and related fields
• The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude, including senior management
• High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices
• Possesses a strong internal drive and motivation for continuous improvement
• Knowledge of change management, user training, and organization impact principles
• Familiarity with the development and management of IT and/or cybersecurity requirements and use case development
• Familiarity with the design and implementation of Governance, Risk, and Compliance (GRC) solutions for cybersecurity risk management and/or Security Operations (e.g., ServiceNow, AuditBoard)
• Basic knowledge of common compliance requirements (e.g., NIST CSF, COBIT, CIS, NIST 800-530, ISO 27001, PCI, HIPAA, CMMC, etc)
• Passion for regulatory compliance and cybersecurity and ability to self-direct and teach themselves about new and emerging cybersecurity concepts.
• Excellent written and verbal communication skills, with a focus on translating technical requirements for business stakeholders.
• Ability to manage and prioritize multiple tasks in a fast-paced environment, particularly in support of cybersecurity project lifecycles.

Preferred Qualifications

• Bachelor’s degree in Information Security, Risk Management, or related field.
• Experience with implementation of one or more GRC technologies including Workiva, MetricStream or OneTrust
• Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®); or equivalent security certifications.
• Experience with Microsoft tools such as Excel and PowerPoint.
• Delivery background with ITSM platforms such as ServiceNow, Jira, etc.
• Development and/or architecture experience with API connectors, data lake, or BI tools (e.g., PowerBI) for risk reporting) as well as automation and/or AI/ML services.
• Familiarity with common cloud security concepts, delivery models and changing division of cybersecurity responsibilities between vendors and customers