ABOUT THIS OPPORTUNITY:

Cenovus is seeking a highly motivated Cybersecurity Governance, Risk, and Compliance (GRC) Analyst to join our System Controls and Monitoring Team. This role focuses on technical administrative governance, including access reviews, activity monitoring, and ensuring overall domain hygiene. The successful candidate will play a critical role in maintaining and improving our IT governance and security posture while collaborating across IT and business units. Knowledge of Active Directory governance and its integration into broader IT governance models, as well as familiarity with audit practices and IT risk management processes are assets in this role. This position is ideal for a meticulous professional with deep technical and organizational skills who thrives in a dynamic environment.

WHO WE ARE:

We’re an integrated energy company headquartered in Calgary with oil and natural gas production operations in Canada and the Asia Pacific region, and upgrading, refining and marketing operations in Canada and the United States. We’re committed to maximizing value by developing our assets in a safe, responsible and cost-efficient manner, integrating environmental, social and governance considerations into our business plans.
We’ve been named a Top Alberta Employer for 2024, a designation recognizing organizations leading their industries in offering exceptional places to work.
Find Cenovus on Facebook , X , LinkedIn , YouTube and Instagram .
For more information, please visit cenovus.com.
At Cenovus, we embrace diversity of thought, experience and backgrounds to help us make better business decisions, address our challenges, seize opportunities and unlock innovative solutions. We’re committed to building a diverse and inclusive workplace where people feel respected, valued and engaged. We strive for a collaborative, physically and psychologically safe environment where you can be yourself, feel a sense of belonging and thrive. For more information, including details on our inclusion and diversity networks, visit Cenovus.com.
The requirements of this posting may be modified to support business needs. Title and compensation administration will be based on the skills and capabilities of the successful incumbent.

LI-CL1

• Focus on ensuring robust security governance through technical and administrative measures and identify and mitigate risks to reduce the likelihood of data breaches, regulatory non-compliance, or system compromises
• Ensure the company avoids costly fines or reputational damage by maintaining SOX and other compliance standards
• Ensure the organization stays aligned with financial and operational reporting standards avoiding penalties or legal exposure
• Conduct access reviews, domain hygiene maintenance, and process optimization to help ensure systems run efficiently, as well as minimize disruptions caused by security misconfigurations or failures
• Contribute a proactive approach to cybersecurity allowing the company to anticipate and prepare for emerging threats rather than reacting after incidents occur
• Ensure the security framework supports operational needs while maintaining compliance with industry regulations
• Protect sensitive data and systems to enable secure business processes and to help build trust among employees, partners, and regulators
• Focus on access reviews, domain hygiene, and risk management to enhance the company’s ability to operate effectively in a regulated and competitive environment