About Four Seasons:
Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.
About the location:
Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.
About the role:
The GRC Analyst is responsible for supporting PCI compliance across properties and the corporate office, ensuring adherence to privacy regulations and internal policies. Key responsibilities include tracking PCI compliance status, managing helpdesk tickets, onboarding new properties, delivering training, and maintaining compliance documentation. The role also involves supporting global data mapping initiatives and collaborating with IT, security, and legal teams to enhance compliance, mitigate risks, and ensure data privacy. This position provides exposure to various compliance projects and plays a vital role in maintaining the organization's compliance posture and risk management strategy.
This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Manager, IT Governance, Risk & Compliance. This role involves interactions with primarily internal stakeholders at various levels.
What You’ll Be Doing
Compliance Management:
Assist with IT activities to ensure properties meet PCI compliance requirements and regulations:
Track PCI compliance status across properties.
Manage helpdesk tickets efficiently.
Onboard new properties into the compliance program and deliver PCI compliance training.
Maintain and update compliance dashboards, internal SharePoint sites, reports, and documentation.
Support Corporate Office PCI compliance, including:
Support evidence collection for Corporate Quarterly PCI reviews.
Manage helpdesk tickets in a timely manner.
Ensure the accuracy and maintenance of policies, standards, procedures, and compliance dashboards.
Global Data Mapping:
Support properties and the corporate office with the data mapping tool, ensuring alignment with business objectives for successful deployment:
Engage with stakeholders to confirm the completeness and quality of data mapping.
Conduct data quality reviews using various tools and reports, monitoring progress.
Provide IT expertise to the Legal Privacy team, ensuring compliance with legal and privacy standards.
Facilitate collaboration with stakeholders to address issues during data mapping deployment.
Technology Management:
The GRC Analyst will leverage various technologies to optimize operations and ensure efficient compliance management, including:
IT Service Management:
Manage helpdesk operations, ticketing, incident management, and IT service monitoring via real-time dashboards.
Internal Collaboration & Document Management:
Collaborate across teams using internal sites and update policies, standards, and procedures. Key features: PCI Internal SharePoint site and Governance Portal for content management and updates.
Security & Compliance Management:
Support PCI compliance by training and guiding properties in using the PCI Wizard tool to facilitate self-attestation for PCI 4.0 requirements, ensuring ongoing adherence to PCI standards.
Privacy, Security & Risk Management:
Provide day-to-day support for OneTrust, including user management, report generation, and maintaining documentation.
Apply service management practices, including problem management, incident management, and change management, to monitor and assess OneTrust's performance.
Resolve issues and engage with stakeholders, including the Legal Privacy team, to ensure the effective use of OneTrust.
Who You Are
You have a passion for Information Technology Operations, Compliance, and Governance disciplines.
Highly critical and analytical disposition.
High attention to detail and strong listening skills.
Ability to work independently with minimal supervision.
Natural curiosity and an ability to undertake creative exploration.
Self-motivated, with critical attention to deadlines and reporting.
The ability to manage many projects simultaneously and meet deadlines within a high-energy, fast-paced, and evolving environment.
The ability to grasp and communicate technical issues to a variety of audiences.
Skilled in supporting regular compliance audits and generating detailed compliance reports, identifying gaps, and ensuring proper documentation to support compliance efforts and audits.
Experienced in researching and preparing notes, status reports, and technical documentation, with the ability to tailor content for both technical and non-technical audiences, ensuring clear communication across teams.
Proficient in monitoring system performance and, when issues arise, analyzing problems, reporting critical issues to the GRC Manager, and helping to initiate resolution processes.
Expertise in identifying, evaluating, and managing compliance risks, following up on remediation actions for non-compliance issues, and working with cross-functional teams to mitigate risks and ensure ongoing compliance with PCI 4.0 standards.
What You Bring
Minimum 2 years of IT Governance, Risk and Compliance operations, or project management.
Preferred Certifications: One or more of the following: PCI Professional (PCIP), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), or CompTIA Security+.
Bachelor’s degree or equivalent business qualifications.
This role follows a hybrid working model, requiring 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario.
Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.