We are seeking a Senior Analyst – Security Compliance to drive contractual compliance, internal security governance, and internal security audit support, and to support other security assessments. You will lead customer and partner security audits and assessments, assess and enhance internal security policy compliance, support internal security audits, and automate compliance workflows to ensure an always audit-ready posture. The ideal candidate will build a scalable compliance program, consolidate security requirements, and drive continuous improvement in compliance maturity.
Location: You will be based in our Toronto office and will work in a Hybrid model.
Reporting Relationship: You will report to the Senior Manager, Security GRC.
1. Customer & Partner Audit and Assessment Management
- Lead and manage customer and partner security audits, due diligence reviews, and contractual compliance assessments.
- Maintain a centralized security audit management framework, tracking evidence, compliance gaps, and audit response efficiency.
- Develop and maintain a comprehensive evidence library, ensuring pre-validated security documentation is readily available.
- Act as the primary point of contact for customer and partner security inquiries, collaborating with teams for accurate responses.
- Ensure alignment with security frameworks and contractual obligations, maintaining an audit-ready posture.
2. Internal Policy Compliance & Security Governance
- Conduct compliance assessments and gap analyses to measure adherence to security policies.
- Establish a compliance monitoring framework, ensuring continuous tracking and enforcement of security controls.
- Work closely with Technology, Security, Risk, and Business teams to ensure internal controls align with organizational security objectives.
- Support regulatory and contractual compliance efforts for security controls, ensuring policies meet industry and legal requirements.
3. Security Maturity Enhancement & Continuous Improvement
- Design and execute a security maturity roadmap, driving incremental improvements in security governance.
- Develop and maintain a security controls library, mapping internal policies to compliance requirements for better governance.
- Drive cross-functional collaboration to embed security best practices into business operations.
- Establish key security metrics and reporting mechanisms to track security maturity progress.
4. Compliance Automation & Process Optimization
- Drive automation of compliance workflows, leveraging GRC tools to enhance efficiency and reduce manual efforts.
- Implement continuous monitoring mechanisms for real-time compliance visibility and proactive risk identification.
- Collaborate with engineering, security, and IT teams to integrate compliance requirements into security and IT operations.
5. Stakeholder Collaboration & Training
- Work closely with Legal, Procurement, Sales, and Security teams to align contractual security commitments with internal policies.
- Conduct internal security compliance training, ensuring teams understand and adhere to security policies.
- Assist in preparing compliance reports and executive dashboards for leadership review.
- Bachelor’s or Master’s degree in Information Security, Cybersecurity, Risk Management, or a related field.
- 5+ years of experience in security compliance, contractual security governance, or IT risk management.
- Strong understanding of security frameworks (ISO 27001, NIST CSF, SOC 2, PCI DSS, etc.).
- Experience in contract security reviews, compliance audits, and risk assessments.
- Familiarity with GRC tools, compliance monitoring solutions, and security automation.
- Excellent stakeholder management skills, with experience working with Legal, Procurement, and IT Security teams.
- Strong analytical, problem-solving, and communication skills.
- Certifications such as CISM, CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are a plus.
- Experience in third-party risk management and vendor security compliance.
- Ability to interpret contractual security requirements and align them with internal policies.
- Hands-on experience with security frameworks, risk assessments, and compliance automation tools.
- Strong project management skills, with experience in compliance remediation efforts.
- Comprehensive Total Rewards Program including bonuses, flexible benefits starting from day 1, and your choice of either a health spending account (HSA) or personal spending account (PSA)
- RRSP matching & defined contribution pension plan
- Learning & development programs and resources including unlimited free access to Coursera and an Educational Assistance Program
- Holistic approach to your well-being, with an Employee Assistance Program for you and your family, access to 24/7 virtual health care, wellness events and a supportive workplace culture
- A workplace committed to investing in Diversity, Equity and Inclusion (DEI) through various initiatives, including employee inclusion groups (EIGs), mentorship, DEI learning and workshops, educational events, and various resources including an internal DEI website and newsletter
- Company-wide paid year-end closure & personal time off (including religious, personal, and volunteer days)
Find out more about the work perks and benefits you get as a Moneris employee at Moneris.com/careers
Note: We welcome and encourage applications from Indigenous peoples, people of colour, people with disabilities, people of all genders, sexual orientation and intersectional identities.
We acknowledge that people from equity-deserving groups (including racialized individuals, women, gender diverse individuals, individuals with disabilities, neurodivergent individuals, members of 2SLGBTQIA+ communities and those born outside of Canada) are less likely to apply for jobs unless they feel they meet all the requirements posted. At Moneris, we believe candidates bring experience to their work in many ways. We encourage you to apply and share, in the application form, the transferrable experience you bring, and how this will support your success in this role.