IT Security Analyst – GRC (Full time permanent - Direct Hire)

Location: Toronto

Work Model: Fully Remote (will some occasional meet ups)

Industry: Cybersecurity / Risk Management

Our client is seeking an IT Security Analyst – GRC to support and expand a growing governance, risk, and compliance program. This role focuses heavily on vendor risk assessments, policy management, and the use of GRC tools to strengthen security and compliance across the organization.

What You’ll Do

• Perform vendor risk assessments

• Support governance, risk, and compliance initiatives

• Develop, update, and maintain security policies

• Leverage GRC platforms for compliance monitoring

• Partner with cross-functional teams on cybersecurity and risk initiatives

• Contribute to long-term GRC program growth

Must-Have Qualifications

• 3–4 years of GRC experience

• Hands-on experience with GRC tools (OneTrust, Archer, Trata, or similar)

• Strong background in vendor risk management and compliance

• Fundamental cybersecurity knowledge

Nice-to-Have Qualifications

• Experience with CrowdStrike or security operations

• CRISC or equivalent certification

• Experience in fast-paced, commercial environments