About the position
This role focuses on meaningful technology and security initiatives within cloud environments, information risk, and AI governance. It offers a blend of strategic and hands-on responsibilities in a collaborative hybrid work environment.
Responsibilities
• Perform information risk assessments for projects, technologies, and generative AI initiatives by identifying risks, defining controls, and tracking control implementation.
• Conduct comprehensive assessments of IaaS, PaaS, SaaS, and generative AI projects, identifying and mitigating associated risks.
• Develop and implement governance frameworks for generative AI aligned with global information risk assessment methodologies.
• Collaborate with cross-functional teams to integrate risk frameworks with architecture reviews, project risk management processes, and business continuity and disaster recovery activities.
• Design, document, and implement business-as-usual security controls applicable to cloud-based infrastructure, platforms, and services.
• Evaluate products for implementing security controls in cloud and on-premises environments.
• Manage competing priorities to ensure timely completion of governance assessments and updates.
• Participate in project meetings to provide guidance on risks, impacts, and security considerations, while delivering timely updates to stakeholders.
• Ensure all information risk assessments are peer-reviewed for completeness before distribution to stakeholders.
• Support operational security activities, including incident response, vulnerability management, and firewall reviews.
• Deliver training to stakeholders on information risk assessment processes and security best practices.
• Respond to audits, regulatory reviews, risk and control self-assessments, and related inquiries.
• Stay informed about emerging AI technologies, evolving threats, and developments in AI governance.
Requirements
• Degree in Computer Science, Information Technology, Data Science, Business Administration, or equivalent educational and professional experience.
• 5 years of experience in Information Risk Management, including vendor risk management, project risk management, IT audit, or IT controls assessment.
• Experience across multiple information security disciplines, including network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, and cybersecurity.
• Deep knowledge of cloud computing security and IaaS, PaaS, and SaaS environments.
• Familiarity with regulatory and security frameworks such as NIST, ISO 27001, GDPR, Sarbanes-Oxley, and the EU AI Act.
• Strong communication and influencing skills with the ability to promote AI governance and risk management practices.
• Strong presentation and facilitation skills for a variety of audiences, including senior leadership.
• Excellent problem-solving and analytical abilities, with an innovative approach to information security risk management.
• Proven ability to build and maintain effective relationships with stakeholders and cross-functional teams.
• Strong organizational and time management skills, with the ability to manage multiple priorities in a changing environment.
• Collaborative team player with strong interpersonal skills and a proactive mindset.
• Passion for advancing AI governance and information security practices.
Nice-to-haves
• Professional certifications such as CISSP, CRISC, CISM, or CISA are considered an asset.
• Understanding of the financial services industry and its regulatory requirements is preferred.
Benefits
• Salaried: \$55-65 per hour.
• Incorporated Business Rate: \$65-75 per hour.
• 6-month contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Hybrid work arrangement (3 days on-site).