IT Risk Analyst - Security, Regulatory

FP Inc.

Toronto, ON, Canada
Contract
Hybrid
C$40 - C$58
IT Risk Management · Regulatory Compliance · Awareness of common technology risk frameworks (NIST, ISO 27001)

Role Overview

We are seeking a seasoned Senior IT Risk Specialist to join our governance and compliance team. This role is pivotal in maintaining oversight of our IT risk governance frameworks, ensuring that policies and standards are not only met but consistently monitored for improvement. You will act as a key advisor on IT risk matters, bridging the gap between technical operations and regulatory compliance to enhance our overall security posture.

Key Responsibilities

  • Risk Governance & Oversight: Maintain and monitor IT risk governance frameworks, tracking KRIs, KPIs, and audit statuses to ensure alignment with organisational standards.
  • Assessment & Testing: Conduct comprehensive IT risk assessments and support the ongoing testing and monitoring of internal controls.
  • Reporting & Analysis: Perform deep-dive data analysis to prepare monthly and quarterly reports for senior stakeholders, highlighting risk trends and remediation progress.
  • Advisory Services: Respond to internal risk assessment requests, advising on treatment plans and ensuring contractual security requirements are robust.
  • Stakeholder Management: Communicate complex risk matters to various stakeholders, providing clear guidance on necessary actions to improve the organisation's risk profile.

Required Skills and Qualifications

  • 5–7 years of experience in technology operations, risk management, cybersecurity, or IT audit.
  • Comprehensive knowledge of risk management practices including governance, controls, and compliance.
  • Familiarity with regulatory frameworks such as OSFI, PIPEDA, PCI-DSS, or NIST.

Nice-to-Have Qualifications

  • Strong documentation and reporting skills with an ability to synthesise complex data.
  • Experience working within highly regulated IT environments.
  • Professional certifications such as CRISC, CISA, or CISSP.