Cybersecurity / IT Application Security Analyst
Hybrid opportunity in Toronto within the insurance industry supporting enterprise information and cybersecurity risk initiatives. This role focuses on risk assessments, security frameworks, vulnerability management, and collaboration with technology teams to strengthen operational resilience and regulatory compliance.
What is in it for you:
- Salaried: $55-65 per hour.
- Incorporated Business Rate: $65-75 per hour.
- 3-month contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Remote on Monday and Friday; on-site Tuesday to Thursday.
Responsibilities:
- Act as a primary contact for information and cybersecurity requirements within Group Functions Technology.
- Support business and technology teams in aligning with organizational and regulatory information security guidelines and best practices.
- Assist teams in identifying, assessing, and managing cybersecurity and technology risks across systems and operations.
- Lead and participate in projects and initiatives to ensure risk considerations are integrated into planning and delivery.
- Contribute to strengthening operational resilience and the continuity of critical business operations and services.
- Collaborate with Information Security, Information Protection, and Vendor Risk Management teams to support enterprise risk management initiatives.
- Support Level 2 and Level 3 reviews of risk program practices and provide recommendations for improvement.
- Conduct security risk assessments, vulnerability management activities, and security testing initiatives.
- Assist with security monitoring and threat analysis to identify potential vulnerabilities and risks.
- Prepare and maintain documentation, reports, and dashboards related to risk management initiatives.
- Engage stakeholders to communicate risk findings and provide security recommendations.
- Contribute to regulatory compliance efforts and ensure risk considerations are integrated into technology and operational initiatives.
What you will need to succeed:
- Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related discipline is preferred.
- Professional certifications such as CISSP, CSSLP, OSCP, or other recognized cybersecurity certifications are considered an asset.
- 5 years of experience in cybersecurity, information security, or technology risk management roles.
- Strong knowledge of security controls, vulnerability management practices, and risk management frameworks such as NIST CSF and ISO 27001/27002.
- Experience with cybersecurity assessment frameworks such as PTES, OWASP, or OSSTMM and exposure to penetration testing practices.
- Hands-on experience conducting risk assessments, threat modeling, vulnerability assessments, and security testing.
- Proficiency with security technologies including SIEM platforms, IDS/IPS, endpoint protection solutions, and vulnerability scanning tools.
- Experience with governance, risk, and compliance platforms or ticketing systems such as ServiceNow Security Operations or Archer GRC.
- Experience with collaboration and documentation tools including JIRA, Confluence, and Microsoft 365.
- Proficiency with data analysis and visualization tools such as Tableau or Power BI.
- Knowledge of cybersecurity principles, internal controls, and enterprise risk management practices.
- Familiarity with legal and regulatory requirements related to cybersecurity, technology risk management, and IT governance.
- Strong analytical, communication, and stakeholder engagement skills.
- Ability to work effectively in a fast-paced environment with evolving regulatory requirements.
- Experience in the financial services or insurance industry is considered an asset.
- Experience supporting user education or cybersecurity awareness initiatives is considered an asset.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
# MFCJP00016381
# RA1
Pay: $55.00-$75.00 per hour
Application question(s):
- Are you comfortable reporting to the office 3 days per week?
Education:
- Bachelor's Degree (required)
Experience:
- Cybersecurity, information security, or technology risk mgmt: 5 years (required)
- Strong knowledge of security controls: 1 year (required)
- Penetration testing practices: 1 year (required)
- SIEM, IDS/IPS, endpoint protection, vulnerability scanning: 1 year (required)
- Legal (cybersecurity, tech risk mgmt, IT governance): 1 year (required)
- Financial services or insurance industry: 1 year (preferred)
- Tableau or Power BI: 1 year (preferred)
- ServiceNow Security Operations or Archer GRC: 1 year (preferred)
- NIST CSF and ISO 27001/27002: 1 year (required)
- Cybersecurity assessment frameworks (PTES, OWASP, or OSSTMM): 1 year (required)
- JIRA, Confluence, and Microsoft 365: 1 year (required)
- Application security: 2 years (required)
Licence/Certification:
- Professional certifications (e.g., CISSP, CSSLP, OSCP) (required)
Work Location: Hybrid remote in Toronto, ON M4W 1E5