Information Technology Security Analyst

Job Title: IT Risk & Compliance Analyst (Senior)

Work Model: Hybrid – 3 days onsite

Location: Mississauga, ON

Role Type: Full Time

Pay Range: 100k-120k

Role Overview

Looking for a senior IT Risk & Compliance professional to help run and strengthen its enterprise IT risk and compliance program. This role works closely with leadership to ensure technology risks are identified, controlled, and compliant with regulatory, internal, and client requirements in a highly regulated environment.

Key Responsibilities

• Lead execution of the IT Risk & Compliance program across infrastructure, applications, and cloud platforms.
• Maintain the IT risk register and ensure risks, controls, and trends are current and well documented.
• Prepare IT risk reporting, including dashboards, KRIs, KPIs, and audit materials.
• Perform control testing, identify gaps, and validate remediation actions.
• Act as the main IT risk contact for internal audits, external audits, client assessments, and third‑party reviews (PCI DSS, ISO 27001, CCM, etc.).
• Review audit evidence to ensure accuracy, completeness, and traceability.
• Execute ongoing compliance activities such as access reviews, firewall reviews, SOC reports, and exception tracking.
• Review results of penetration tests and vulnerability assessments and track issues to closure.
• Collaborate with Legal, Privacy, Vendor Management, Security, and Enterprise Risk teams.
• Review IT policies and solution designs to ensure alignment with security and control requirements.

What You Need

• 5+ years of hands‑on experience in IT Risk, IT Compliance, IT Audit, or Information Security.
• Experience working in banking, financial services, or other regulated environments.
• Strong knowledge of IT risk and control frameworks (PCI DSS, NIST, ISO 27001, COBIT, SOC 2, CSA CCM).
• Experience with control testing, audit support, and risk reporting.
• Familiarity with GRC tools for risk, controls, and issue management.
• Relevant certifications (CISA, CISSP, CISM, CRISC, etc.) are a strong plus.