GRC Analyst

Waterloo, ON, Canada


The best cloud based small business accounting software. Send invoices, track time, manage receipts, expenses, and accept credit cards. Free 30-day trial.

View company page

About FreshBooks

FreshBooks is a leading cloud-based SaaS accounting software designed with one goal: to help small business owners grow. We reached unicorn status after raising our valuation to more than $1 billion and continue to scale our business to serve business owners, their clients, and accountants in more than 160 countries worldwide. FreshBookers are found all over the globe, and our goal is to create connection as a human-first workplace. Our teams have adopted different working environments based on how they collaborate best. Some are fully remote and others are truly hybrid - it all comes down to what's best for the team and for everyone FreshBooks builds for.

The Opportunity - GRC Analyst

FreshBooks Product Security Team is looking for a GRC Analyst to support the growth of our Information Security Program. The Analyst is passionate and knowledgeable about PCI-DSS and SOC2 compliance frameworks. At Freshbooks, you will ensure systems and processes are developed and actioned in alignment with audit standards, client agreements, and internal policies. You will collaborate with stakeholders across the company as a champion of the IT Compliance and Information Security programs.  

NOTE: This role can be worked remotely from anywhere within Canada. 

What You'll Do as a GRC Analyst

  • Help build and maintain the IT Compliance program
  • Develop and maintain policies, procedures, and other information security related documentation
  • Collaborate with internal teams to ensure that appropriate controls are implemented and are operating effectively
  • Respond to questions from partners and customers regarding our security posture
  • Conduct risk assessments on our third parties
  • Key participant in our SOC2 and PCI audits
  • Manage audit findings and remediation efforts
  • Manage the security awareness programs
  • Publish internal communications and act as a point of contact for security related questions

What You'll Bring to the Role

  • 3+ years of relevant experience
  • Hold a Bachelor’s Degree in business, social sciences, or computer science.
  • Have a demonstrated ability to learn and succeed in a fast-paced, technical environment with changing priorities.
  • Have advanced interpersonal and communication skills (oral and written), proficiency in English.
  • Good understanding of information security concepts and IT functions.
  • Have experience auditing in cloud environments, familiarity with GCP, AWS and/or Kubernetes.
  • Are well versed in IT audit standards such as SOC2 and PCI-DSS

.You'll Stand Out If You Bring Experience In

  • CISA, CRISC, CISSP, or similar certifications.
  • Experience working with SaaS companies in a compliance capacity

Our Commitments to You

At FreshBooks each person knows their opinion is valued, and can see their impact on the lives of over 10 million small business owners around the world. Accelerate your career, work on projects you're passionate about, and work as a part of a collaborative team without ego! Here are some of the ways FreshBooks recognises and rewards our full time employees:

  • 🩺 Comprehensive Health and Wellness Benefits. Including retirement savings program or pension plan matched to your local office, stock options for every full time employee, generous time off, parental leave and new parent support, annual healthy living credit, comprehensive medical and dental benefits dependent on your region, and more.
  • 📚 Perks that Matter. Including a Peer Recognition Program, an Employee Assistance Program, headphone credit, meaningful in-person gatherings to bring onsite and remote employees together, and more perks matched to your locale.
  • 🌱Working Environments to Help You Thrive. Beautiful office spaces welcome you in Canada and Mexico, and those without access to a FreshBooks office receive a home office credit to set up your home office.
  • 🤗 Supportive Peer Group, Mentors, and Leaders. We care about each other across the organisation and have programs to support this so everyone feels a strong sense of belonging, and believes in collective impact.
  • 🚀 Accelerated growth. Comprehensive company onboarding, career development through continuous coaching, training, and learning on the job.


Even if your experience doesn't meet every bullet on the above lists, we'd love to learn more about you and why you think FreshBooks is the next step in your career.

FreshBooks is an equal opportunity employer. We do not discriminate based on gender, religion, race, mental disability, sexual orientation, age, or any other status. All applicants are considered based on their qualifications and merits. At FreshBooks, we inspire an environment of mutual respect and we believe diversity and inclusion are crucial to our success.

FreshBooks provides employment accommodation during the recruitment process. Should you require any accommodation, please indicate this on your application and we will work with you to meet your accessibility needs. For any questions, suggestions or required documents regarding accessibility in a different format, please contact us at phone 1-416-780-2700 and/or


Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits AWS CISA CISSP Cloud Compliance Computer Science CRISC GCP Kubernetes Product security Risk assessment SaaS SOC 2

Perks/benefits: Career development Equity Health care Home office stipend Medical leave Parental leave Wellness

Regions: Remote/Anywhere North America
Country: Canada
Job stats:  51  16  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.