Alberta Gaming, Liquor & Cannabis (AGLC) is a dynamic organization leading Alberta’s gaming, liquor and cannabis industries. Our team of high performers is driven to provide our customers with outstanding service and Albertans with choices they can trust.

ABOUT INFORMATION TECHNOLOGIES

IT proudly provides the computer systems, security, IT services and governance that support AGLC’s businesses, including the operation & support of mission critical gaming, liquor and corporate systems running on a variety of computing platforms. IT ensures the stability and performance of a Local/Wide Area Network, which supports over 1,200 gaming locations and more than 2,000 computers/tablets, 150 physical and 2,000 virtual servers distributed across six corporate offices, casinos, RECs and bingo halls. IT provides leadership in the use of information technology, data and systems to help the AGLC achieve business goals and objectives.

ABOUT THE POSITION

Senior IT Security, Risk & Compliance Analyst

Job Req: 1167

Location: St. Albert - Corriveau (Hybrid - 3 days in St.Albert office, 2 days remote)

Division/Branch: Information Technology / Enterprise Architecture and Security

Classification: Systems Analyst 4

Status: Permanent - FT

Salary: $86,011.41 - $113,924.75 * The salary for this position is currently under review as part of AGLC’s broader Non‑Union Compensation review, which is intended to support alignment with market practices. Compensation details for this role may be adjusted following completion of the review.

Reports to: David Gardner

Closing Date: May 6, 2026

JOB SUMMARY:

This is not a technical operations role.

This is GRC with real authority, not checkbox compliance. It’s a Governance, Risk & Compliance leadership role for someone who wants to own programs, influence decisions, and represent IT Security at the enterprise level.

If your strength is IT risk, audit, compliance, and governance, and you enjoy being the person auditors trust, leaders rely on, and teams come to for defensible risk decisions, this role will feel like home.

Why this role stands out

In this position, you are not supporting GRC work - you own it.

You will be the primary owner of the IT Risk Management Program, the central liaison for Internal Audit and the Office of the Auditor General (OAG), and a key contributor to PCI DSS audits and ongoing compliance obligations.

This role sits at the intersection of IT, Security Operations, Audit, Risk, and Executive Governance, with real authority to shape how security risk is identified, assessed, tracked, and communicated across the organization.

What you will actually do:

Own IT & Cyber Risk Management

• Lead the end‑to‑end IT risk lifecycle: intake, assessment, scoring, treatment tracking, and governance review.
• Ensure IT and cyber risks align with Enterprise Risk Management (ERM) and are presented in a way leaders can act on.
• Facilitate risk discussions that balance security, business impact, and operational reality.
• Maintain risk visibility, decision records, and defensible documentation.

Be the face of IT Security for Audit

• Act as the primary IT Security liaison for Internal Audit, OAG, PCI DSS, and other external audits.
• Coordinate audit requests, evidence, walkthroughs, and responses.
• Translate security and technical controls into clear, auditable narratives.
• Track findings, drive remediation accountability, and ensure closure is