Information Technology Security Analyst

Delpath • Contract • Toronto, ON, CA • 22h ago

Location: Downtown Toronto

Hybrid – 3 days in office

Duration: 04/07/2026 to 04/04/2027

Possibility of extension & conversion to FTE: Possibility

Number of Positions: 1

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week (Possible OT)

Typical Day in Role:

Maintain oversight of IT risk governance frameworks, policies, and standards, by monitoring the status of the KRIs and KPIs, audit, regulatory and self-identified issues, and the IT risk-related matters within the assigned portfolio.

Conduct and record risk assessments; support control testing and monitoring.

Perform data analysis and prepare monthly/quarterly reporting, KPIs, and KRIs.

Respond to IT risk assessment requests and advise on treatment plans and contractual security requirements.

Communicate to the stakeholders the status of the IT risk-related matters, and what it’s required from their end to improve our risk posture.

Candidate Requirements/Must Have Skills:

1) 5–7 years in technology operations, risk management, cybersecurity, audit, or governance.

2) Working knowledge of risk management practices (governance, controls, compliance, audit).

3) General knowledge of regulatory and industry frameworks (PIPEDA, OSFI, PCI‑DSS, NIST)

Nice-To-Have Skills:

Strong documentation and reporting skills.

Understanding of regulatory-driven IT risk environments.

Awareness of common technology risk frameworks (e.g., NIST, ISO 27001).

Best VS. Average Candidate:

Top candidate will have/be someone who has strong understanding of risk management practices, controls, and regulatory‑driven environments. They bring solid knowledge of key frameworks (e.g., NIST, PCI‑DSS, PIPEDA, OSFI), strong analytical and communication skills, and the ability to work independently with minimal ramp‑up time. This candidate stands out for their adaptability, sound judgment, sense of urgency, strong documentation skills, and continuous learning mindset, with relevant certifications (CRISC, CISSP, CISA) considered a strong advantage.