Job Description
Senior Information Risk Analyst
Lead high-impact information risk initiatives within the insurance sector. Strengthen cybersecurity governance, advance cloud security controls, and influence enterprise risk strategy in a hybrid Toronto environment. Ideal for professionals skilled in NIST, OSFI B-13, SOC, and technology risk management.
What is in it for you:
• Salaried: $80-85 per hour.
• Incorporated Business Rate: $95-100 per hour.
• 10-month contract.
• Full-time position: 37.50 hours per week.
• Weekday schedule and hybrid work model.
Responsibilities:
• Perform information risk assessments in alignment with global IRM methodologies, policies, and standards.
• Assess new and existing development, testing, deployment, monitoring, and security technologies across multiple business units.
• Collaborate with developers, engineers, and support teams to implement and automate security controls, including cloud and container security, within CI/CD pipelines.
• Partner with cross-functional teams including Cloud, Engineering, Architecture, IT Asset Management, Infrastructure, and Line 2 to ensure effective risk process execution and alignment with enterprise governance.
• Provide expertise in security incident investigations and support timely communication and documentation of risk assessment results.
• Contribute to continuous improvement initiatives by challenging existing processes and identifying efficiencies.
• Build strong working relationships across diverse, multicultural teams to promote effective risk management practices.
What you will need to succeed:
• Bachelor's degree in Computer Science, Engineering, IT Security, or a related discipline, or equivalent practical experience.
• Professional certifications such as CISSP, CISA, CRISC, or CISM, or actively working toward certification, are considered an asset.
• 5 to 7 years of experience in technology risk, information security, cybersecurity, IT audit, compliance, or related fields, preferably within a regulated financial services or insurance environment.
• Strong knowledge and hands-on experience in risk assessment, incident response, regulatory requirements, and control frameworks.
• Familiarity with regulatory and industry frameworks such as OSFI B-13, NIST, SOC 1, SOC 2, ISO 27001, and CIS Controls.
• Proficiency with governance and collaboration tools such as Archer, Jira, Confluence, and ServiceNow.
• Foundational knowledge of cloud security, identity and access management, data protection, infrastructure security, and broader cybersecurity concepts.
• Strong analytical, documentation, and organizational skills with the ability to manage multiple priorities and complex risk scenarios.
• Ability to understand IT processes and associated risks, identify key controls, and provide practical, actionable recommendations.
• Excellent communication and stakeholder management skills with the ability to collaborate effectively across technology, cybersecurity, privacy, and risk teams.
• Team-oriented mindset with a commitment to knowledge sharing, mentorship, and continuous improvement.
Why Recruit Action?
Recruit Action (agency permit: AP provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
# MFCJP