Governance, risk, and compliance (GRC) analyst
The Windfall Project, owned by Gold Fields, is located in northern Québec. By joining our passionate team, committed to creating lasting value beyond mining, you will have the opportunity to contribute to the construction and startup of a world-class mining project, one of the most ambitious in recent decades.
Gold Fields is a globally diversified gold producer with operations in Australia, South Africa, Ghana, Peru, Canada and Chile. At Gold Fields, we are committed to achieving an inclusive workforce and recognize that the diverse talent of our people will ultimately determine our growth, performance and success.
This is a role that offers you the opportunity to lead high-impact initiatives, collaborate with experts, and contribute to our growth in Québec. You will thrive in a dynamic environment where challenges and an exceptional workplace will support your professional growth.
Join the Windfall adventure!
=========================
Reporting to the Chief Financial Officer, the Governance, Risk, and Compliance (GRC) Analyst plays a key role at the intersection of IT, SOX internal controls, and operations. The incumbent is responsible for proactively managing user access, implementing and maintaining standard operating procedures (SOPs), and applying preventive access controls on corporate systems. This role aims to ensure system integrity, compliance, operational continuity, and audit readiness. The incumbent will work a 5-2 schedule at the Montreal office.
Duties and responsibilities
•Comply with occupational health and safety and environmental policies and rules at all times;
•Administer and govern user access to corporate systems (creation, modification, revocation, and periodic review);
•Develop, maintain, and evolve SOPs related to system access and use;
•Implement and monitor IT and operational access controls (preventive and detective);
•Collaborate with Internal Controls, IT Security, and Process Owners to ensure compliance with regulatory and internal requirements;
•Support internal and external audits by preparing documentation, evidence, and control tests;
•Monitor user access and activity to identify anomalies, segregation of duties (SoD) conflicts, or non-compliant situations;
•Participate in the design and improvement of roles, permissions, and approval workflows;
•Manage documentation and records related to system governance, controls, and access processes;
•Participate in governance committees or change management processes related to systems and security;
•Contribute to the continuous improvement of governance and control processes;
•Perform any other tasks related to the Governance, Risk, and Compliance (GRC) Analyst position that are relevant to the success of the project.
Qualifications required
•Bachelor's degree in Information Systems, Administration, Finance, IT, Information Security, or a related field (or equivalent experience);
•2 to 5 years of experience in one or more of the following areas:
o IT Governance / GRC
o Internal Controls / Compliance / SOX
o Access Management (IAM)
o Audit (internal or external)
o Information Security
o SOX Environment
o Enterprise Systems Administration;
•Bilingualism (French and English) will be required to interact with the Gold Fields team.
Technical skills
•Knowledge of provisioning processes, role management, and Separation of Duties (SoD) principles;
•Experience with ERP systems or business applications (SAP, Oracle, MS Dynamics, etc.);
•Familiarity with IT access controls and ITGC;
•Proven ability to write SOPs, workflows, or governance documentation;
•Ability to interpret the risks/controls associated with systems and security;
•Experience with frameworks such as SOX, ISO 27001, NIST, COBIT, ITIL;
•Knowledge of audit or control testing;
•Experience in a compliance-intensive industry;
•Familiarity with change management for enterprise systems.
Basic skills