Senior Information Risk Analyst

Lead high impact information risk initiatives within the insurance sector. Strengthen cybersecurity governance, advance cloud security controls, and influence enterprise risk strategy in a hybrid Toronto environment. Ideal for professionals skilled in NIST, OSFI B-13, SOC, and technology risk management.

• Salaried: $80-85 per hour.

• Incorporated Business Rate: $95-100 per hour.

• 10-month contract.

• Full-time position: 37.50 hours per week.

• Weekday schedule and hybrid work model.

• Perform information risk assessments in alignment with global IRM methodologies, policies, and standards.

• Assess new and existing development, testing, deployment, monitoring, and security technologies across multiple business units.

• Collaborate with developers, engineers, and support teams to implement and automate security controls, including cloud and container security, within CI/CD pipelines.

• Partner with cross functional teams including Cloud, Engineering, Architecture, IT Asset Management, Infrastructure, and Line 2 to ensure effective risk process execution and alignment with enterprise governance.

• Provide expertise in security incident investigations and support timely communication and documentation of risk assessment results.

• Contribute to continuous improvement initiatives by challenging existing processes and identifying efficiencies.

• Build strong working relationships across diverse, multicultural teams to promote effective risk management practices.

• Bachelor’s degree in Computer Science, Engineering, IT Security, or a related discipline, or equivalent practical experience.

• Professional certifications such as CISSP, CISA, CRISC, or CISM, or actively working toward certification, are considered an asset.

• 5 to 7 years of experience in technology risk, information security, cybersecurity, IT audit, compliance, or related fields, preferably within a regulated financial services or insurance environment.

• Strong knowledge and hands on experience in risk assessment, incident response, regulatory requirements, and control frameworks.

• Familiarity with regulatory and industry frameworks such as OSFI B-13, NIST, SOC 1, SOC 2, ISO 27001, and CIS Controls.

• Proficiency with governance and collaboration tools such as Archer, Jira, Confluence, and ServiceNow.

• Foundational knowledge of cloud security, identity and access management, data protection, infrastructure security, and broader cybersecurity concepts.

• Strong analytical, documentation, and organizational skills with the ability to manage multiple priorities and complex risk scenarios.

• Ability to understand IT processes and associated risks, identify key controls, and provide practical, actionable recommendations.

• Excellent communication and stakeholder management skills with the ability to collaborate effectively across technology, cybersecurity, privacy, and risk teams.

• Team oriented mindset with a commitment to knowledge sharing, mentorship, and continuous improvement.

Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.

# MFCJP00016262