Talent.com
Ontario Medical Association
Cybersecurity GRC AnalystOntario Medical Association • Hybrid - Toronto, ON, CA
Cybersecurity GRC Analyst

Cybersecurity GRC Analyst

Ontario Medical Association • Hybrid - Toronto, ON, CA
30+ days ago
Salary
CA$92,835.00 yearly
Job type
  • Permanent
  • Quick Apply
Job description

Are you looking to join one of Greater Toronto’s Top 2026 Employers ?

The Ontario Medical Association (OMA) advocates for and supports doctors, seeking to strengthen their leadership role in caring for patients.

We continually seek to be the trusted voice in transforming Ontario’s health-care system by courageously pursuing best practices, new ideas, solutions, and opportunities to improve.

Job summary This position is responsible for strengthening the Ontario Medical Association’s (OMA) information security governance, risk, and compliance program by operating within the second line of defense to provide oversight, independent validation, and risk-based advisory.

Working within the Technology department and in close collaboration with the Information Security team, enterprise risk management, service providers, and business stakeholders, the role ensures cybersecurity risks are effectively identified, assessed, and managed across the organization.

It supports audit and regulatory readiness while embedding strong security practices and enabling the secure adoption of technology, including emerging areas such as artificial intelligence (AI).

The Cybersecurity GRC Analyst advances the OMA’s strategic vision by fostering cross-functional collaboration, promoting business agility, and influencing stakeholders to safeguard sensitive information.

How you will make a difference Governance, Risk, Compliance (GRC): Maintaining and continuously improving cybersecurity policies, standards, and controls, ensuring alignment with recognized frameworks such as CIS, NIST, and ISO 27001.

Serving as the primary point of contact for cybersecurity-related audits, coordinating activities including evidence collection and remediation tracking.

Overseeing security exception and risk acceptance processes.

Integrating governance for artificial intelligence (AI) and emerging technologies into existing frameworks, including assessing associated organizational risks and providing guidance on regulatory and ethical considerations.

Cyber Risk Governance & Reporting: Maintaining the enterprise cybersecurity risk register, including risk ratings, remediation expectations, and escalation thresholds.

Assessing and documenting risks arising from vulnerabilities, incidents, third-party findings, and control gaps.

Developing and maintaining cybersecurity dashboards, key risk indicators (KRIs), and key performance indicators (KPIs).

Providing regular reporting to senior leadership on emerging cybersecurity risks and overall security posture.

Vulnerability and Application Risk Oversight: Maintaining visibility of vulnerabilities across infrastructure, cloud, and applications, assessing business impact, particularly related to sensitive data exposure.

Tracking remediation progress, escalate overdue critical items, and document residual risk and risk acceptance where remediation is deferred.

Application and data security oversight: Overseeing controls protecting sensitive data, including personal and health information (PII/PHI).

Collaborating on data governance initiatives, including data classification and data loss prevention (DLP), and report on application and data-related risks.

Work closely with the Senior Security Architect to conduct threat modeling for new and existing applications and validate secure coding practices, SAST/DAST scanning, and remediation effectiveness.

Reviewing and reporting on application risks related to identity and access management, API security, data protection, and third-party dependencies.

Identity, Incident & Operational Control Oversight: Overseeing quarterly privileged access and identity certification reviews.

Reviewing major incident reports, validating root cause analysis and corrective actions.

Monitoring recurring control failures and systemic weaknesses across infrastructure, applications, and AI systems. Third-Party Risk & Security Awareness: Conducting third-party cybersecurity risk assessments, including vendors providing AI-enabled services.

Monitoring remediation commitments and risk acceptance documentation.

Facilitating periodic technical and management tabletop exercises.

Supporting phishing simulations and broader cybersecurity awareness initiatives.

Requirements that are important to us University degree in Information Technology, Computer Science, Computer Engineering, or an equivalent Six to nine years of relevant experience in information security and IT, including experience in a GRC-focused role supporting enterprise environments (endpoint and identity security).

Maintains one or more active, industry-recognized certifications (e.g., CISSP, CRISC, CISA, Certified Ethical Hacker, or equivalent) Additional certifications considered an asset include CISM, ISACA Advanced in AI Security Management (AAISM), ITIL, PMP, or an MBA (or equivalent) Experience working with Microsoft Security and Compliance solutions Strong experience in identity governance and conditional access (e.g., Entra ID) Hands-on experience with XDR tools and familiarity with SIEM/SOAR platforms, including automated workflows/playbooks Solid understanding of Zero Trust security principles and modern security architectures Knowledge of MITRE ATT&CK and experience with threat modeling methodologies Exposure to or experience with AI-driven security tools and controls is an asset Experience with API-based integrations and automation (e.g., REST, Microsoft Graph API).

Strong knowledge of cyber risk management, cybersecurity frameworks, and business continuity practices, including BCP and Disaster Recovery (DR) Demonstrated business acumen with strong analytical, problem-solving, and decision-making skills Excellent communication and presentation skills, with the ability to effectively influence and collaborate with both technical and non-technical stakeholders The OMA has moved to a permanent hybrid work environment.

As such, the individual in this position will be required to work a minimum number of days in our Toronto office.

What do we have to offer you?

A work environment whose values are to be respectful, bold, responsive, and transparent in our work and our behaviours A fantastic opportunity to grow with the team and help shape the strategic direction of the OMA, its members and the health-care system An organization that is committed to the equity, diversity and inclusion principles of humility, accountability, collaboration, courage and integrity A commitment to growth and development through paid professional development and continuous in-house learning A friendly and flexible hybrid work environment Competitive total rewards package including a hiring salary range of $92,835 - $98,640 plus pension plan and a bonus program Exceptional group benefits package, including a spending account and a robust wellness program An organization that has been recognized as a Greater Toronto’s Top Employers for six consecutive years.

As a condition of employment, OMA conducts background checks and reference checks for all open positions.

  • Facebook | Twitter | Instagram | YouTube | LinkedIn ­­ We're excited to share this opportunity, which is for a newly created position on our team.

Kindly be advised that our recruitment process does not involve the use of Artificial Intelligence.

The Ontario Medical Association is strongly committed to diversity within its community and welcomes applications from racialized persons/persons of colour, women, Indigenous People of North America, persons with disabilities, LGBTQ2S+ persons, and others who may contribute to the further diversification of ideas.

In accordance with the AODA Act, accommodation will be provided throughout the recruitment process to applicants with disabilities.

  • Powered by JazzHR

Create a job alert for this search

Cybersecurity GRC Analyst • Hybrid - Toronto, ON, CA

Similar jobs

Cybersecurity Risk Advisory Analyst

MonerisToronto
Full-time

Influence security standards and risk management practices as a Cybersecurity Analyst.Engage in a hybrid work model while advising on secure design and regulatory compliance.This analyst role focus... Show more

 • Promoted

Cybersecurity Analyst - Threat Detection & DLP (Hybrid)

LanceSoft, Inc.Toronto, ON, CA
Full-time

A leading IT service provider is seeking a Mid-Senior IT Security Analyst for a hybrid role in Toronto.The ideal candidate will have over 5 years of experience in network and information security, ... Show more

 • Promoted

Cybersecurity - Cyber Managed Services (Industrials & Energy) - Senior Manager

Ernst & Young Advisory Services Sdn BhdToronto
Full-time

Cybersecurity - Cyber Managed Services (Industrials & Energy) - Senior Manager Location: Toronto Other locations: Primary Location Only Date: May 6, 2026 Requisition ID: 1708357 ... Show more

 • Promoted

Cybersecurity - Cyber Managed Services (Industrials & Energy) - Senior Manager

EYToronto, Ontario, Canada
Full-time

EY is recognized by leading industry analysts as best‑in‑class in cybersecurity and managed security services.As part of our continued growth, EY Canada is seeking a Senior Manager to join our Mana... Show more

 • Promoted

Cybersecurity Analyst

Porter Airlines Inc.Toronto, ON, CA
Full-time

We are seeking someone who is passionate about making a big impact in our cybersecurity operations.In this position, you will help drive important initiatives like identity and access management, t... Show more

 • Promoted

Senior OT Cybersecurity Leader

BBA ConsultantsToronto, ON, CA
Full-time

We’re seeking a Senior OT Cybersecurity Leader with strong strategic and technical skills to support the growth of our expertise and our industrial control systems (ICS) cybersecurity team.You’ll m... Show more

 • Promoted

Tech Risk & Cybersecurity Senior Associate

Optimus SBRToronto
Full-time

A leading management consulting firm in Toronto seeks experienced professionals for technology advisory roles.The position requires 3-7 years in technology delivery or risk management.Responsibilit... Show more

 • Promoted

Remote GRC & Cybersecurity Compliance Consultant

MalleumToronto, ON, CA
Remote
Full-time

A leading cybersecurity consultancy in Montreal is seeking a Governance, Risk & Compliance Consultant.The role requires 5-8 years of experience in IT security and risk management, with a deep under... Show more

 • Promoted

Senior Business Analyst Hybrid Cybersecurity (6mo Contract)

Source CodeToronto, ON, CA
Temporary

A technology service provider is seeking a Sr.Business Analyst in Toronto to provide comprehensive I&T business analysis services.The role involves gathering and analyzing business requirements whi... Show more

 • Promoted

Director, Cybersecurity and Networks

TridelToronto, Ontario, Canada
Full-time

Join Tridel: Building Communities, Growing Careers.Our strength, innovation and growth are the result of talented individuals who come together as a team to build sustainable and award‑winning home... Show more

 • Promoted

Cybersecurity Researcher

SafetyToronto, Ontario, Canada
Full-time

This range is provided by Safety.Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.Our Mission Safety secures the software supply chain for the wo... Show more

 • Promoted

Senior Analyst - Cyber Threat Modeling and Risk

EQ Bank | Equitable BankToronto, ON, CA
Full-time +1

Being a traditional bank just isn’t our thing, so we challenge ourselves to get creative in providing innovative banking solutions for Canadians.How do we get there? With a talented team of inquisi... Show more

 • Promoted

IT Contract & Cybersecurity Risk Specialist

DexianToronto, ON, CA
Full-time

A prominent staffing and IT solutions firm based in Canada is seeking a Contract Specialist to support its Vendor Information Security Management function.The role entails reviewing vendor contract... Show more

 • Promoted

Cyber Security Analyst Role at Ndeipi.com

NdeipiToronto, ON, CA
Part-time

Take on the part-time Cyber Security Analyst role at Ndeipi.Your analytical skills will be crucial in combating cyber threats.Based in Old Toronto, you will monitor and analyze network activity, im... Show more

 • Promoted

GRC Analyst Role at Bennett Jones

Bennett JonesToronto
Full-time

Elevate your career with Bennett Jones as a GRC Analyst focusing on Information Security in Toronto.This role emphasizes compliance, security governance, and managing vendor security profiles.As an... Show more

 • Promoted

Cybersecurity Channel Solutions Engineer

Marler & Associates SearchToronto, ON, CA
Full-time

A global cybersecurity firm is seeking a Channel Solutions Engineer to empower strategic partners and enhance technical capabilities.You will provide support as a trusted technical advisor, focusin... Show more

 • Promoted

OT Cybersecurity Controls Engineer for Global Operations Oversight

Magna InternationalAurora, York Region, CA
Full-time

Drive cybersecurity governance across global Operational Technology environments as an OT Cybersecurity Controls Engineer.Ensure secure operations, manage risk assessments, and enhance security mea... Show more

 • Promoted

Director, Cybersecurity

RangeToronto, Ontario, Canada
Full-time

All our investments stem from a common thesis, that travel advisors add real value to a trip.Travel advisors when equipped with technology and 24/7 support are irreplaceable.Equally important is ou... Show more

 • Promoted

Lead Cybersecurity Advisor at Hitachi Rail

Hitachi RailToronto
Full-time

Join Hitachi Rail as a Lead Cybersecurity Advisor in Toronto (Hybrid).Drive cybersecurity design across projects, ensuring compliance with industry standards and best practices.In this pivotal role... Show more

 • Promoted

Cybersecurity SDR Team Lead Role

Feroot Security Inc.Toronto
Full-time

Become a Cybersecurity SDR Team Lead at Feroot Security, driving outreach and shaping the SDR team's success.Engage in pipeline generation within a thriving remote-first workplace.This role offers ... Show more