IT Security Analyst GRC

Helical Pile Solutions is a deep foundations contractor with over 30 years of experience in the industry, recently acquired by Java Holdings Ltd. (“Java”). Java staff have over 50 years of experience building some of Canada’s largest electrical infrastructure projects. We are seeking an IT Security Analyst with a GRC / IT Audit Focus to join our team in the Calgary region. This is an in-office position.

Position Summary:

The IT Security Analyst, reporting to the Manager of IT Security or their delegate, will support the implementation and maintenance of the organization’s Governance, Risk, and Compliance (GRC) program, with a strong focus on IT audit, control validation, risk management, and security governance. This role will contribute to building and maturing a structured, risk-based security framework aligned with industry standards such as the Center for Internet Security (CIS) Controls, NIST, and ISO 27001.

In addition to GRC responsibilities, the role will provide limited support to security operations as required. This may include assisting with monitoring security events, analyzing potential threats, and supporting incident response activities

Key Responsibilities:

Governance, Risk & Compliance:

• Support the development and execution of the IT Audit Program aligned with CIS Controls and industry best practices
• Perform control design and operating effectiveness testing (e.g., access control, change management, user provisioning)
• Assist in maintaining and updating the IT risk register, including tracking remediation activities
• Support internal and external audits, including evidence collection, walkthroughs, and audit coordination
• Review and assess vendor security posture, including SOC 2 reports, ISO certifications, and security questionnaires
• Participate in risk assessments for new applications, systems, and vendors
• Assist in developing and maintaining security policies, standards, and procedures
• Support compliance mapping across frameworks (CIS, NIST, ISO 27001)
• Maintain structured audit documentation, control evidence, and reporting artifacts
• Track audit findings, risk exceptions, and remediation plans to closure

IT General Controls (ITGC) & Access Governance:

• Support user access reviews and validation of role-based access controls (RBAC)
• Assist in validating user provisioning, transfers, and terminations
• Review change management controls and approvals for system changes
• Support privileged access reviews and governance processes
• Ensure proper documentation and audit trails are maintained for all control activities

Security Operations:

• Assist in reviewing security alerts from tools such as Microsoft Defender and SIEM platforms (as required)
• Support basic incident documentation and escalation to senior team members
• Assist in identifying trends or anomalies through log reviews
• Collaborate with the security operations team when required

Security Awareness & Collaboration:

• Support security awareness initiatives such as phishing simulations and user education
• Promote security best practices across IT and business teams
• Collaborate with IT, business units, and project teams to ensure secure and compliant implementations

Cross-Functional Collaboration:

• Provide support for security reviews during project planning and implementation to ensure secure and compliant solutions.
• Collaborate with IT and other departments to ensure security best practices are followed.

Education and Work Experience Required:

• Bachelor’s degree or diploma in Computer Science, Information Technology, Cyber Security, or a related field
• Strong understanding of IT infrastructure, software development, and systems integration.
• Strong understanding IT audit concepts, internal controls, and risk management principles
• Relevant certifications -

CISA (preferred)

CompTIA Security+

Microsoft Security Fundamentals (SC-900) 

Skills and Experience:

• Familiarity with security frameworks such as CIS Controls, NIST, and ISO 27001
• Knowledge of IT General Controls (ITGC) such as access control, change management, and logging
• Strong attention to detail and ability to follow structured processes
• Good documentation and communication skills
• Analytical thinking and problem-solving ability
• Ability to manage multiple tasks and follow through on audit and risk items
• Willingness to learn and grow within a GRC / IT Audit career path
• Ability to align with company core values (Innovation, Community, Excellence, Safety).

Other Position Requirements:

• Valid driver’s license and potential use of a personal vehicle
• Occasional travel to remote sites (approximately 10–15%)
• Ability to sit for extended periods and work on a computer
• Commitment to continuous learning and professional development

• Extended Healthcare Plan (Medical, Disability, Dental & Vision)
• Group RRSP
• Group Life - AD&D - Critical Illness Insurance
• Training & Development
• Employee Assistance Program - Counseling