About the Role

CapIntel is looking for a Governance, Risk & Compliance (GRC) Analyst to help strengthen and scale our information security and compliance program. In this role, you’ll work closely with the Director of Information Security and cross-functional partners across Engineering, People, Sales, and Customer Success to ensure our security remains strong, audit-ready, and aligned with regulatory and customer expectations. You’ll contribute to maintaining core security programs, supporting audit cycles, managing third-party risk, and helping the business confidently respond to customer and regulatory security requirements.

This role is suited for candidates who are highly organized, detail-oriented, and comfortable operating in a fast-moving fintech SaaS environment. We are searching for someone with a foundational understanding of security and compliance frameworks, strong project management skills, and the ability to communicate risk and security concepts clearly to both technical and non-technical stakeholders.

What You’ll Do

Support CapIntel’s Governance, Risk, and Compliance program

• Maintain and improve security policies, standards, and procedures to support the ongoing maturity of CapIntel’s Information Security Program.
• Maintain the company’s risk register, including tracking remediation activities and providing regular updates on risk posture.
• Support SOC 2 and other compliance initiatives by assisting with control design, coordinating evidence collection, and supporting internal and external audits.
• Track audit findings and remediation actions to ensure issues are resolved in a timely manner and controls remain effective.

Manage third-party risk and customer security reviews

• Execute vendor security assessments and due diligence reviews, maintain the vendor risk register, and track remediation of identified risks.
• Coordinate vendor reassessment cycles and escalate material risks or concerns when necessary.
• Serve as the primary point of contact for customer and prospect security questionnaires, maintaining a library of standardized responses and coordinating with internal teams when needed.
• Participate in customer security discussions or audits to represent CapIntel’s security posture.

Support operational security, privacy, and security awareness initiatives

• Assist the Security Incident Response Team (SIRT) during incidents by coordinating documentation, timelines, and communications.
• Support the maintenance and testing of Business Continuity and Disaster Recovery plans and track post-incident action items.
• Assist with privacy and data protection initiatives, including data mapping, data handling reviews, and breach response coordination in partnership with Legal and Security leadership.
• Support CapIntel’s security awareness program by coordinating training campaigns, phishing simulations, and tracking participation metrics.

What You’ll Bring

• Experience in governance, risk, compliance, information security, or audit-related roles
• Experience supporting security or compliance programs such as SOC 2, NIST CSF, ISO 27001, or similar frameworks
• Exposure to audit processes, including evidence collection, control documentation, or audit coordination
• Familiarity with risk management concepts, including maintaining risk registers or tracking remediation activities
• Experience completing or coordinating customer security questionnaires is an asset
• Strong organizational and project management skills, with the ability to manage multiple compliance workstreams and deadlines
• Ability to operate effectively in a fast-moving environment with evolving processes

Nice to Have

• Experience in SaaS, fintech, or financial services environments
• Familiarity with third-party risk management or vendor security assessments
• Exposure to privacy concepts or regulatory environments such as PIPEDA, GDPR, or OSFI guidelines
• Security or risk certifications such as CompTIA Security+, CISA, CRISC, or ISO 27001-related certifications
• Experience contributing to process improvement or automation of compliance workflows, including the use of AI tools