Senior Information Risk Analyst

Job Description

Senior Information Risk Analyst



Lead high impact information risk initiatives within the insurance sector. Strengthen cybersecurity governance, advance cloud security controls, and influence enterprise risk strategy in a hybrid Toronto environment. Ideal for professionals skilled in NIST, OSFI B-13, SOC, and technology risk management.



What is in it for you:




• Salaried: $80-85 per hour.


• Incorporated Business Rate: $95-100 per hour.


• 10-month contract.


• Full-time position: 37.50 hours per week.


• Weekday schedule and hybrid work model.



Responsibilities:




• Perform information risk assessments in alignment with global IRM methodologies, policies, and standards.


• Assess new and existing development, testing, deployment, monitoring, and security technologies across multiple business units.


• Collaborate with developers, engineers, and support teams to implement and automate security controls, including cloud and container security, within CI/CD pipelines.


• Partner with cross functional teams including Cloud, Engineering, Architecture, IT Asset Management, Infrastructure, and Line 2 to ensure effective risk process execution and alignment with enterprise governance.


• Provide expertise in security incident investigations and support timely communication and documentation of risk assessment results.


• Contribute to continuous improvement initiatives by challenging existing processes and identifying efficiencies.


• Build strong working relationships across diverse, multicultural teams to promote effective risk management practices.



What you will need to succeed:




• Bachelor's degree in Computer Science, Engineering, IT Security, or a related discipline, or equivalent practical experience.


• Professional certifications such as CISSP, CISA, CRISC, or CISM, or actively working toward certification, are considered an asset.


• 5 to 7 years of experience in technology risk, information security, cybersecurity, IT audit, compliance, or related fields, preferably within a regulated financial services or insurance environment.


• Strong knowledge and hands on experience in risk assessment, incident response, regulatory requirements, and control frameworks.


• Familiarity with regulatory and industry frameworks such as OSFI B-13, NIST, SOC 1, SOC 2, ISO 27001, and CIS Controls.


• Proficiency with governance and collaboration tools such as Archer, Jira, Confluence, and ServiceNow.


• Foundational knowledge of cloud security, identity and access management, data protection, infrastructure security, and broader cybersecurity concepts.


• Strong analytical, documentation, and organizational skills with the ability to manage multiple priorities and complex risk scenarios.


• Ability to understand IT processes and associated risks, identify key controls, and provide practical, actionable recommendations.


• Excellent communication and stakeholder management skills with the ability to collaborate effectively across technology, cybersecurity, privacy, and risk teams.


• Team oriented mindset with a commitment to knowledge sharing, mentorship, and continuous improvement.



Why Recruit Action?



Recruit Action (agency permit: AP provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.



# MFCJP