Information Risk Management Analyst III

Job Title: Information Risk Management Analyst III

Location: Toronto, ON (Hybrid)

Estimated Duration: 10 Months

Job Description

Position Responsibilities
– Perform information risk assessments in alignment with global IRM methodologies, policies, and standards.
– Assess new and existing development, testing, deployment, monitoring, and security technologies across multiple business units.
– Collaborate with developers, engineers, and support teams to implement and automate security controls—including cloud and container security—within CI/CD pipelines.
– Partner with cross?functional teams (Cloud, Engineering, Architecture, IT Asset Management, Infrastructure, Line 2) to ensure effective risk process execution and alignment with enterprise governance.
– Provide expertise in security incident investigations and support timely communication and documentation of risk assessment results.

Professional Skills
– Excellent written and verbal communication skills, with the ability to resolve conflicts and engage effectively with stakeholders at all levels.
– Strong relationship?building skills and ability to collaborate across diverse business units in a multicultural environment.
– Team?oriented mindset with a willingness to share knowledge, mentor others, and contribute to team success.
– Ability to challenge the status quo, seek efficiencies, and drive continuous improvement.

Required Qualifications
– 5 – 7 years of experience in technology risk, information security, cybersecurity, IT audit, compliance, or related fields, preferably in a regulated financial environment.
– Bachelor’s degree in Computer Science, Engineering, IT Security, or related discipline—or equivalent experience.
– Strong understanding of core security domains: risk assessment, incident response, regulatory and control frameworks.
– Experience conducting information risk assessments.
– Familiarity with regulatory frameworks (e.g., OSFI B?13, NIST, SOC 1/SOC 2).
– Proficiency with tools such as Archer, Jira, Confluence, and ServiceNow.
– Foundational knowledge of cloud security, IAM, data protection, infrastructure, or cybersecurity concepts.
– Strong analytical, documentation, and organizational skills, with the ability to balance multiple priorities and manage complex situations.
– Ability to understand IT processes and risks, identify key controls, and provide practical recommendations.
– Proven ability to work effectively with stakeholders across technology, cybersecurity, privacy, and risk teams.

Preferred Qualifications
– Professional certifications or working towards such as CISSP, CISA, CRISC and CISM is an asset
– Familiarity with risk frameworks (NIST CSF, ISO 27001, CIS Controls) is an asset

Must-Have Skills
1) Experience with information security and risk assessment
2) Knowledge about could and infrastructure
3) Experience with generative AI
4) Good Communication skills
5) Good at managing the project and documentation

Nice-to-have Skills—
1) Toronto 200 Bloor
2) Ability to respond on time
3) Quick Learner