IT Risk and Compliance Analyst

Our client has an immediate opening for a Senior IT Risk and Compliance Analyst to join their team in Mississauga. 

In your new role as a Senior IT Risk and Compliance Analyst, you will support and strengthen an enterprise-wide IT Risk and Compliance program. You will work closely with the Director to design, implement, and monitor risk and control initiatives that align with regulatory requirements, internal policies, and client expectations. This role offers the opportunity to contribute meaningfully to overall risk posture while collaborating with cross-functional teams across the organization.

This is a hybrid role with requirements to be on site 3 days a week, providing a balance between remote flexibility and in-person collaboration. 

About The Role: 

Lead the ongoing execution and effectiveness of the IT Risk and Compliance program, ensuring technology risks are identified, assessed, monitored, and reported across infrastructure, applications, cloud platforms, and related processes. 

• Maintain the IT risk register, capturing assessment results, emerging risks, and control trends, and ensuring risk information is current, consistent, and decision‑useful.
• Prepare and maintain IT risk reporting, including KRIs, KPIs, dashboards, and analysis used to support audits, client discussions, and management oversight.
• Perform control testing activities, identify control gaps, deficiencies, and thematic issues, and validate remediation actions to confirm issues are addressed in line with internal requirements, regulatory expectations, and client commitments.
• Act as the primary point of contact for IT risk and compliance matters during internal audits, external audits, client assessments, and third‑party reviews including PCI DSS, CCM, ISO 27001 certifications, engaging directly with auditors, assessors, and stakeholders.
• Review, validate, and maintain audit and assessment evidence, ensuring submissions are accurate, complete, traceable, and aligned with stated control objectives and risk assertions.
• Execute ongoing IT risk and compliance activities, including access and privilege reviews, firewall rule reviews, SOC report reviews, social engineering simulation, and exception tracking, ensuring issues are appropriately risk‑rated and documented.
• Review and assess the results of penetration testing, vulnerability assessments, and similar technical testing, validate remediation actions, and track findings through to closure.
• Support the issue management lifecycle, including documenting findings, validating corrective actions, and supporting risk acceptance where residual risk remains.
• Collaborate with Legal, Privacy, Vendor Management, Enterprise Risk, Corporate Security, and Sales to support contract reviews, vendor assessments, and client due‑diligence activities.
• Review IT policies, architecture artefacts, and solution designs to assess alignment with existing controls and security requirements, providing practical, risk‑based input.
• Provide technical guidance and support to ensure consistent assessment practices, evidence quality, and sound professional judgment across the team.

What You Need to Succeed:

Education: 

• Post‑secondary diploma or university degree in a related discipline, or an equivalent combination of education, training, and relevant experience.
• Relevant professional certification(s) in IT audit, security, cloud security, or risk management (e.g., CISA, CISSP, CISM, CRISC, CGEIT, CCSK, CCSP, or equivalent), preferred.

Experience: 

• Minimum of five (5) years of practical, hands‑on experience executing IT risk assessments, technical control testing, and audit support activities within IT Risk Management, Information Security, IT Audit, or IT Risk and Compliance functions.

Experience operating in banking, financial services, or other highly regulated enterprise environments, with direct responsibility for reviewing technical evidence, assessing control effectiveness, and supporting internal and external audits.

Skills and Knowledge: 

• Solid understanding of the technology threat landscape and applicable regulatory, security expectations,
• Strong working knowledge of industry‑recognized IT control frameworks and standards, including PCI DSS, NIST SP 800‑53, ISO/IEC 27002, COBIT, AICPA Trust Services Criteria (SOC 2), CSA Cloud Controls Matrix (CCM), and Government of Canada Protected B security requirements.
• Experience using GRC tools to support IT risk assessments, control testing, issue management, and risk reporting.
• Awareness of industry trends and emerging practices related to IT risk management, compliance, cloud security, and third‑party risk.

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.