BRP Inc.

Technology & Vendor Risk Specialist

BRP Inc. $80K — $110K *
Enterprise Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in Technology Third-Party Risk Management (TPRM) and vendor assessments.
  • Experience managing second line of defense (2LoD) requirements for risk management.
  • Strong knowledge of cybersecurity frameworks such as NIST and ISO 27001.
  • Understanding of business continuity and disaster recovery processes.
  • Knowledge of SOX IT General Controls and their implications for third-party service providers.
  • Hands-on experience with technology risk analysis and remediation planning.
  • Strong analytical and communication skills.

Responsibilities

  • Conduct comprehensive risk assessments of third-party technology vendors.
  • Analyze vendor responses to cybersecurity and risk questionnaires.
  • Develop and track remediation strategies for identified technology risks.
  • Evaluate residual risk levels and escalate high-risk issues appropriately.
  • Execute due diligence activities for new and existing vendors.
  • Collaborate with cross-functional teams to ensure compliance with policies and regulations.
  • Contribute to the improvement of the TPRM framework and controls.

Benefits

  • Annual bonus based on company performance.
  • Generous paid time off.
  • Pension plan participation.
  • Collective savings opportunities.
  • Fully-covered industry-leading healthcare.
  • Flexible work schedule with summer options.
  • Holiday season shutdown policy.
  • Access to educational resources.
  • Employee discounts on BRP products.

Full Job Description

We are seeking a highly skilled Senior Analyst - Technology Risk Management & Third-Party Risk Management (TPRM) to support and strengthen our tech risk program. This role will work closely with the Information Security Governance & Compliance (GRC) team and cross-functional stakeholders to assess, monitor, and manage technology-related risks, in addition to managing the technology risk register.

YOU'LL HAVE THE OPPORTUNITY TO:
  • Perform comprehensive risk assessments of third-party vendors delivering technology products and services.
  • Review and analyze vendor responses to cybersecurity and risk questionnaires, including evaluation of supporting documentation and evidence.
  • Conduct technology risk analysis, develop mitigation strategies, and track remediation efforts through to closure.
  • Evaluate and report on residual risk levels, ensuring proper documentation and escalation of high-risk issues.
  • Support and execute technology due diligence activities for both new and existing vendors.
  • Collaborate with internal stakeholders (Procurement, Legal, Privacy, Architecture, and IT teams) to ensure vendor engagements meet internal policies, regulatory requirements, and industry best practices.
  • Contribute to the continuous improvement of the TPRM framework, processes, and controls.
  • Manage the lifecycle of risk events in the technology risk register.
  • Discuss coordinated action plans with IT architecture teams and multiple departments.


YOU'LL THRIVE IN THIS ROLE IF YOU HAVE THE FOLLOWING SKILLS AND QUALITIES:
  • Proven experience in Technology Third-Party Risk Management (TPRM) and vendor risk assessments.
  • Proven experience in managing 2LoD (second line of defence) requirements for risk management.
  • Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and regulatory expectations.
  • Strong understanding of business continuity and disaster recovery processes and methodologies.
  • Solid knowledge of SOX IT General Controls (ITGCs) and their application to third-party service providers.
  • Hands-on experience in technology risk analysis, remediation planning, and residual risk management.
  • Experience conducting technology due diligence for vendors and service providers, including review of SOC 2 Type 2 reports, etc.
  • Excellent analytical, communication, and documentation skills.
  • The ability to manage multiple priorities and work independently in a fast-paced environment.


AT BRP, WHEN WE TALK ABOUT BENEFITS, WE GO ALL IN.

Let's start with a strong foundation - You want it, we have it:
  • Annual bonus based on the company's financial results
  • Generous paid time away
  • Pension plan
  • Collective saving opportunities
  • Industry leading healthcare fully paid by BRP

What about some feel good perks:
  • Flexible work schedule
  • A summer schedule that varies by department and location
  • Holiday season shutdown
  • Educational resources
  • Discount on BRP products


About BRP Inc.

BRP Inc. is a Canadian company that designs, develops, manufactures, distributes, and markets powersports vehicles and propulsion systems. The company's products include Ski-Doo and Lynx snowmobiles, Sea-Doo watercraft, Can-Am on- and off-road vehicles, Alumacraft and Manitou boats, Evinrude and Rotax marine propulsion systems, and Rotax engines for karts, motorcycles, and recreational aircraft. BRP was founded in 1942 and is headquartered in Valcourt, Quebec.

  • Size: 19,500 employees
  • Market Cap: $2.7 billion
  • Industry: NASDAQ
