← Browse all jobs
TT

Security Analyst III

Tundra Technical - Community
Toronto, OntarioOn-siteJun 4
Apply Now →

About this role

Job Title: Security Analyst III Location: Toronto or Waterloo, ON (Hybrid) Estimated Duration: 6 Months The Opportunity: This role is part of the Information Risk team, within the Group Functions (GF) Information Technology First Line of Defense. The team is responsible for performing risk-based information security assessments for new technologies and maintaining governance frameworks including generative AI technologies, ensuring compliance with information security standards, and managing risks associated with cloud-based, on premises and AI-driven platform and services. Perform GF project and technology information risk assessments including assessing risks and defining controls as well as tracking the implementation of controls. Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform, and services Evaluate products for implementing security controls in the cloud or on-premises spaces. Key Responsibilities: • Conduct comprehensive assessments of IAAS, PAAS, SAAS and generative AI projects, identifying and mitigating risks associated with the solutions. • Develop and implement governance frameworks tailored to generative AI, ensuring alignment with global information risk assessment methodologies. • Collaborate with cross-functional teams to integrate Risk framework with existing processes such as architecture review, project risk management, and Business Continuity & Disaster Recovery. • Manage priorities between tasks, ensuring timely delivery of governance assessments and updates. • Participate in project meetings to advise on risks and impact around the changes, provide timely updates to the stakeholders. • Ensure each information risk assessment completed is peer-reviewed for completeness before distribution to stakeholders. • Support operational security activities including segment specific security processes (e.g., incident response, vulnerability management, Firewall reviews). • Provide training to key stakeholders around the information risk assessment processes and security best practices. • Respond to audits, regulatory reviews, risk and controls self-assessments • Stay informed on emerging AI technologies, evolving threats, and opportunities within the AI governance discipline. Candidate Requirements/Must Have Skills: • 5+ years of experience in Information Risk management: vendor risk management, project risk management, IT audit or IT controls assessment • Experience in a combination of relevant technical disciplines in the field of Information Security: network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, cybersecurity • Deep knowledge of cloud computing security and IaaS, PaaS or SaaS environments. • Familiarity with laws and standards frameworks (e.g., NIST, ISO27001, GDPR, Sarbanes-Oxley, EU AI Act). Competencies: • Strong communication and influencing skills, with the ability to foster a culture of AI governance and risk management. • Effective problem-solving and analytical skills, with an innovative approach to information security risk management culture, problem solving, analytical and innovative • Strong presentation and facilitation skills for diverse audiences. • Ability to build and maintain strong relationships across teams and stakeholders. • Collaborative team player with excellent time management and organizational skills to handle multiple tasks and changing priorities. Nice-To-Have Skills: • Understanding of the financial industry and its regulatory requirements is preferred. Education: • Degree in Computer Science, Information Technology, Data Science, Business Administration, or relevant educational and professional experience. • Relevant professional designations (e.g., CISSP, CRISC, CISM, CISA) are a plus.
Want to see how well you match this job?
Get AI-scored for free →