Primary Job Title:
Senior IT Compliance & Cyber Risk Analyst
Alternate / Related Job Titles:
Senior IT Risk & Compliance Analyst
Cybersecurity Compliance Analyst
IT GRC Analyst (Senior)
Technology Compliance & Audit Analyst
Cyber Risk & Audit Lead
Location & Onsite Flexibility:
Toronto, ON — Hybrid (ideally 2–3 days onsite per week; flexible/negotiable)
Contract Details
Position Type: Contract
Contract Duration: 12 Months (Renewable)
Start: As Soon As Possible
Pay Rate: $55–$65/hour
Role Overview
Our client is seeking a Senior IT Compliance & Cyber Risk Analyst to support enterprise compliance, audit readiness, and risk management initiatives within a regulated environment. This role is primarily functional but requires a strong technical understanding of GxP/GMP, cybersecurity controls, and audit frameworks.
The successful candidate will focus heavily on PCI-DSS and GxP (GMP) compliance from a technology and cybersecurity perspective, while also supporting third-party risk management (TPRM) and broader cybersecurity governance efforts. This individual will partner closely with IT, Security, and business stakeholders to drive audit readiness, remediation, and compliance maturity.
Key Responsibilities
Compliance, Risk & Audit
Serve as a subject matter expert for PCI-DSS and GxP/GMP compliance, supporting assessments, remediation tracking, and audit readiness
Conduct IT and cybersecurity risk assessments, including control design, effectiveness testing, and gap analysis
Support internal and external audits, including evidence collection, walkthroughs, and issue remediation
Perform impact assessments and root-cause analysis related to cybersecurity incidents and compliance findings
Assist in developing and maintaining information security, privacy, and technology compliance policies, standards, and procedures
Third-Party Risk Management (TPRM)
Participate in vendor onboarding and ongoing vendor reviews, including security questionnaires, risk scoring, and remediation follow-ups
Evaluate third-party controls related to data protection, access management, and regulatory compliance
Training & Enablement
Design and deliver internal training programs on cybersecurity best practices, compliance requirements, and audit readiness
Create clear, user-friendly guidance and awareness materials to support enterprise-wide compliance adoption
Reporting & Metrics
Develop and maintain compliance and risk dashboards to report status, trends, and key risk indicators to leadership
Monitor emerging regulatory and cybersecurity risks and recommend mitigation strategies
Required Experience & Qualifications
Required (Must-Have)
5+ years of experience in IT compliance, cybersecurity risk, or technology audit roles
Hands-on experience with PCI-DSS and GxP (GMP) in regulated environments
Experience supporting audits, including control testing, documentation, and remediation tracking
Proven ability to design and deliver cybersecurity and compliance training
Strong stakeholder communication skills, with the ability to translate regulatory requirements for non-technical audiences
Preferred Certifications
One or more of the following: CISA, CISSP, CISM
Additional compliance, audit, or risk certifications are considered an asset
Nice-to-Have
Experience with TPRM programs, vendor risk assessments, and security questionnaires
Exposure to SOX, data privacy regulations, or formal GRC tools
Experience helping build or mature enterprise cybersecurity or compliance programs
What Makes a Strong Fit
Deep, practical experience with PCI and GxP/GMP, not just theoretical knowledge
Comfortable working in audit-heavy, highly regulated environments
Able to balance hands-on compliance execution with training and enablement responsibilities
Strong blend of risk management, audit expertise, and communication skills
Client Overview
Our client is an innovative beauty company and the parent of globally recognized brands such as NIOD, Hylamide, and The Ordinary. They are passionate about redefining the beauty industry and are always excited to meet individuals who want to bring their creativity and expertise to a fast-growing, forward-thinking organization.
About GTT
GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company based in Alaska. As a Native American-owned, economically disadvantaged corporation, GTT is deeply committed to diversity, equity, and inclusion. Our clients include Fortune 500 organizations across banking, insurance, financial services, technology, life sciences, biotech, utilities, and retail throughout the U.S. and Canada.
Job Number:
26-00299