- The expected rate range for this position is $70 to $75 per hour, depending on experience, skills, and internal equity.
- The Company offers a total rewards package in accordance with all applicable federal, provincial, and local laws and requirements.
- Benefit eligibility and offerings vary based on role, employment status, and work location.
- For contractor positions, benefits are limited to those entitlements and protections required by applicable law, which may include (as applicable) vacation pay, public holidays, leaves of absence, and other legally mandated benefits or payments.
- We may use AI-enabled and/or automated tools to support parts of our recruitment process, including application screening, interview scheduling, and candidate communications.
- These tools are used to enhance consistency and efficiency.
- All hiring decisions involve human review and are not based solely on automated processing.
The Opportunity:
- As part of the Information Risk team, the Security Analyst III will play a key role in ensuring the secure implementation and governance of new technologies.
- The role focuses on performing risk-based assessments of IT projects and platforms, including cloud infrastructure, SaaS solutions, and generative AI technologies.
- You will be responsible for identifying potential information security risks, recommending mitigation controls, and ensuring those controls are implemented effectively.
- The role also contributes to the development and maintenance of governance frameworks for AI systems and cloud platforms, helping the organization meet regulatory and security compliance requirements.
- In addition, you will collaborate closely with cross-functional teams including technology architecture, project management, IT operations, and security teams to embed risk management processes within technology initiatives.
Key Responsibilities:
Information Risk Assessments:
- Perform risk-based security assessments for technology initiatives including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and generative AI platforms.
- Identify security vulnerabilities, operational risks, and compliance gaps associated with new technologies or system implementations.
- Recommend appropriate mitigation strategies and security controls to reduce identified risks.
- Track remediation activities and ensure that security controls are properly implemented.
AI Governance & Risk Framework Development:
- Contribute to the design and implementation of governance frameworks for generative AI technologies, ensuring alignment with internal risk methodologies and regulatory expectations.
- Ensure that generative AI initiatives follow responsible AI principles, security controls, and risk management policies.
- Stay informed about emerging AI risks, threats, and regulatory requirements impacting enterprise AI adoption.
Security Controls Design & Implementation:
- Design, document, and implement business-as-usual (BAU) security controls across cloud and on-premise technology environments.
- Evaluate security products and technologies to strengthen security controls across infrastructure, platforms, and applications.
- Support the implementation of security best practices across enterprise systems.
Cross-Functional Collaboration:
- Work closely with architecture teams, project managers, developers, and operational teams to integrate security risk assessments into technology initiatives.
- Participate in project meetings and design discussions, providing expert advice on potential risks and security impacts.
- Support integration between risk management processes and existing governance structures including:
  - Architecture review boards
  - Project risk management frameworks
  - Business Continuity and Disaster Recovery (BCDR) processes.
Operational Security Support:
- Assist with operational security activities including:
  - Incident response processes
  - Vulnerability management
  - Firewall and access reviews
  - Security monitoring processes.
Stakeholder Communication & Training:
- Provide guidance and training to stakeholders on information risk assessment procedures and security best practices.
- Present security findings and recommendations clearly to both technical and non-technical audiences, including leadership teams.
- Build strong working relationships across teams to support a security-aware culture.
Compliance & Audit Support:
- Support internal and external audits, regulatory reviews, and risk control assessments.
- Ensure adherence to global regulatory frameworks and standards.
- Maintain documentation related to risk assessments, security controls, and governance frameworks.
Candidate Requirements (Must-Have Skills):
Information Risk Management Experience
- Minimum 5 years of experience in Information Risk Management, including areas such as:
  - Vendor risk management
  - Project risk assessments
  - IT audits
  - IT control assessments.
Information Security Expertise
- Practical experience across multiple security domains such as:
  - Network security
  - Application security
  - Identity and Access Management (IAM)
  - IT operations security
  - Vulnerability management
  - Information protection
  - Cybersecurity risk management.
Cloud Security Knowledge
- Strong understanding of cloud computing environments, including IaaS, PaaS, and SaaS platforms.
- Experience designing and evaluating security controls within cloud architectures.
Security Standards and Regulatory Frameworks
- Familiarity with global security standards and regulatory frameworks such as:
  - NIST
  - ISO 27001
  - GDPR
  - Sarbanes-Oxley (SOX)
  - EU AI Act.