Information Risk Analyst

We are looking for candidates with strong technical expertise to fill this role. Below are the details of the position:

🏦 Industry: IT

💼 Job Title: Information Risk analyst

💻 Mode of Job: Hybrid

📍 Locations: Toronto

📅 Contract: 4 Months

Job Summary:

Position Overview

This role supports the second line of defense and focuses on the use of Generative AI to optimize contract analysis and validate first-line work in vendor risk assessments. The role also involves independent oversight to ensure adherence to policies, regulations, and operational resilience best practices.

Key Responsibilities

• Execute Gen AI prompts to assess vendor contracts and ensure alignment with first-line risk assessments
• Identify and escalate gaps in controls or insufficient supporting evidence
• Validate and audit Gen AI outputs for compliance with third-party risk management policies
• Develop a Gen AI user guide, including documentation standards, best practices, and prompt engineering tips
• Support the Control Self-Assessment (CSA) process by reviewing and validating controls and evidence
• Provide oversight and effective challenge of 1st Line risk assessments within the GWAM segment
• Monitor global technology risk and control assessments, tracking risk remediation efforts
• Contribute to second-line activities such as onboarding reviews, exit simulations, offboarding, and long-term vendor oversight

Must-Have Qualifications

1. 5+ years of hands-on experience in Information Security, Technology Risk, or Third-Party/Vendor Risk.
2. 2+ years of experience working with Generative AI tools, models, and applications within a security or risk context
3. Deep understanding of Independent Risk Management (IRM) and cybersecurity best practices
4. Exceptional communication skills—able to convey complex topics clearly to executives and non-technical stakeholders
5. Strong strategic thinking and decision-making abilities in high-risk environments
6. Experience with independent oversight across business and central functions
7. Solid knowledge of frameworks and standards such as ISO 27001, NIST CSF, NIST 800 series, COBIT, ITIL

Nice-to-Have Skills

• Experience with Azure or other major cloud platforms
• Relevant certifications such as CISSP, CISA, CRISC, CBCP
• Proficiency with IT audit, GRC, or compliance tools and platforms

Familiarity with regulatory environments in Canada, the U.S., and Asia

Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the Canada, Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.

Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status

Dexian will on request provide accommodation for disabilities to support your participation in all aspects of Recruitment, Assessment and selection process.