Security Analyst III

Job Title: Security Analyst III
Location: Toronto, Waterloo, ON (Hybrid)
Estimated Duration: 6 Months

The Opportunity:
This role is part of the Information Risk team, within the Group Functions (GF) Information Technology First Line of Defense. The team is responsible for performing risk-based information security assessments for new technologies and maintaining governance frameworks including generative AI technologies, ensuring compliance with information security standards, and managing risks associated with cloud-based, on premises and AI-driven platform and services.

• Perform GF project and technology information risk assessments including assessing risks and defining controls as well as tracking the implementation of controls.
• Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform, and services
• Evaluate products for implementing security controls in the cloud or on-premises spaces.

Key Responsibilities:

• Conduct comprehensive assessments of IAAS, PAAS, SAAS and generative AI projects, identifying and mitigating risks associated with the solutions.
• Develop and implement governance frameworks tailored to generative AI, ensuring alignment with global information risk assessment methodologies.
• Collaborate with cross-functional teams to integrate Risk framework with existing processes such as architecture review, project risk management, and Business Continuity & Disaster Recovery.
• Manage priorities between tasks, ensuring timely delivery of governance assessments and updates.
• Participate in project meetings to advise on risks and impact around the changes, provide timely updates to the stakeholders.
• Ensure each information risk assessment completed is peer-reviewed for completeness before distribution to stakeholders.
• Support operational security activities including segment specific security processes (e.g., incident response, vulnerability management, Firewall reviews).
• Provide training to key stakeholders around the information risk assessment processes and security best practices.
• Respond to audits, regulatory reviews, risk and controls self-assessments
• Stay informed on emerging AI technologies, evolving threats, and opportunities within the AI governance discipline.

Candidate Requirements/Must Have Skills:

• 5+ years of experience in Information Risk management: vendor risk management, project risk management, IT audit or IT controls assessment
• Experience in a combination of relevant technical disciplines in the field of Information Security: network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, cybersecurity
• Deep knowledge of cloud computing security and IaaS, PaaS or SaaS environments.
• Familiarity with laws and standards frameworks (e.g., NIST, ISO27001, GDPR, Sarbanes-Oxley, EU AI Act).

Competencies:

• Strong communication and influencing skills, with the ability to foster a culture of AI governance and risk management.
• Effective problem-solving and analytical skills, with an innovative approach to information security risk management culture, problem solving, analytical and innovative
• Strong presentation and facilitation skills for diverse audiences.
• Ability to build and maintain strong relationships across teams and stakeholders.
• Collaborative team player with excellent time management and organizational skills to handle multiple tasks and changing priorities.

Nice-To-Have Skills:

• Understanding of the financial industry and its regulatory requirements is preferred.

Education:

• Degree in Computer Science, Information Technology, Data Science, Business Administration, or relevant educational and professional experience.
• Relevant professional designations (e.g., CISSP, CRISC, CISM, CISA) are a plus.