Business Analyst – IT III

Job Title: Business Analyst – IT III
Location: Toronto, ON (Hybrid)
Estimated Duration: 3 Months

Position Summary:
Collaborating with the Director, IT Asset Management, you will be responsible for designing, establishing, and operationalizing a comprehensive Software Risk Governance Framework aligned to organizational requirements, including Standards 031 (an internal governance or risk standard), and ensure alignment with applicable framework: Office of the Superintendent of Financial Institutions (OSFI) expectations.

Key Responsibilities:
1. Framework Creation & Governance Design
• Develop an enterprise Software Risk & Governance Framework integrating:
o Standards 031 requirements (as defined internally by the organization).
o SW asset definitions, taxonomy, and attributes
• Define governance structures, including executive accountability, risk ownership, reporting lines, and escalation paths.
2. Compliance Monitoring & Assurance
• Establish monitoring mechanisms to ensure ongoing compliance
• Track compliance with Standards 031 through periodic reviews, self assessments, and evidence collection.
• Coordinate internal and external audits related to cybersecurity, technology governance, and software risk management.
• Partner with cybersecurity teams to integrate vulnerability management, incident reporting, and resilience testing aligned with federal guidance.
3. Reporting & Continuous Improvement
• Produce governance and risk dashboards tracking control maturity, software risks, and compliance with OSFI B 13.
• Report on key risk indicators, remediation activities, and governance outcomes to senior leadership.
• Continuously refine the Software Governance Framework to reflect updates to OSFI guidance, including intersections with other guidelines such as B 10 and E 21. [torys.com]
Required Qualifications

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field.
• 3-7 years experience in technology risk, software governance, cybersecurity, or IT compliance.
• Strong understanding of OSFI regulatory guidance, supporting frameworks.
• Experience developing governance frameworks, policies, controls, and maturity models.

Preferred Qualifications

• Experience with GRC tools (e.g., ServiceNow, Archer, OneTrust).
• Knowledge of third party risk frameworks and regulatory requirements.

Soft Skills

• Strong analytical, documentation, and governance design capabilities.
• Excellent communication and ability to influence cross functional teams.
• Detail oriented, structured, and comfortable working in regulatory environments.

Candidate Requirements
Must-Have Skills:

• Service Now Module
• Experience with CMDB
• Governance/Audit — Standards 031
• SAM pro module experience
• Project Co-ordination

Nice-to-have Skills:

• Team Player/Communication
• Self-starter/creative thinker

Years of Experience: 2 – 5 years of experience
Degrees/Certifications Required: Certified SAM is a nice-to-have, and an IT Asset management will be a nice-to-have, and an audit background