Risk / Compliance Analyst

Primary Job Title:
Risk / Compliance Analyst Alternate/Related Job Titles:

• Information Security Risk Analyst
• Governance, Risk & Compliance (GRC) Specialist
• Cybersecurity Compliance Consultant

Location:
Toronto, ON, Canada Onsite Flexibility:
Hybrid – 3 days onsite Contract Details:

• Position Type: Contract
• Contract Duration: 6 months
• Start: 09/06/2025
• End: 03/06/2026
• Pay Rate: C$70–C$78/hr

Job Summary:
The Risk / Compliance Analyst will lead and support cybersecurity risk management and compliance initiatives, ensuring adherence to internal controls, regulatory requirements, and industry standards. This role involves conducting vendor risk assessments, developing governance frameworks, and collaborating with cross-functional teams to implement security controls and policies that protect organizational assets and data. Key Responsibilities:

• Lead security and vendor risk assessments, identifying risks and gaps, and developing mitigation strategies for third-party vendors.
• Conduct detailed security domain assessments for vendors, communicate findings, and prepare reports for management and stakeholders.
• Develop and implement cybersecurity governance frameworks, policies, and procedures in collaboration with internal teams.
• Support audit, compliance, and regulatory requests through precise documentation and analysis.
• Collaborate with internal teams and vendors to establish cybersecurity requirements for new solutions.
• Recommend and implement security controls to address identified risks.
• Work closely with Enterprise Architecture, Solution Delivery, Security, and Operations teams to ensure compliance with policies and standards.
• Identify needs for new policies and standards; assist in their creation, review, and approval.
• Serve as a cybersecurity resource for project-specific tasks.
• Perform ongoing compliance work related to regulatory requirements and internal standards.
• Develop processes, procedures, governance artifacts, and security controls for the Cybersecurity Risk Management and Governance/Compliance Programs.
• Assist with security audits and threat/risk assessments, taking corrective actions as needed.
• Provide advice and technical assistance in implementing security controls for projects.
• Communicate regularly with cybersecurity teams, stakeholders, and project teams, escalating issues when necessary.
• Support the integration of security principles into system development, deployment, and operations.

Required Experience:

• 7+ years of experience in information security, including large-scale security projects.
• Proven leadership in vendor risk assessments and mitigation strategies.
• Expertise in developing and implementing cybersecurity governance frameworks, policies, and procedures.
• Strong background in contractual security requirements and third-party risk management.
• Proficiency in cybersecurity risk management and related tools (e.g., ServiceNow, OneTrust, Audit Board).
• In-depth knowledge of PCI-DSS, NIST, and ISO 27001.
• Experience facilitating cybersecurity awareness training.
• Strong communication, interpersonal, and presentation skills.

Nice-to-Have Experience:

• Experience with Governance, Risk, and Compliance (GRC) tools.
• Familiarity with agile development, secure coding, and security architecture.

Required Skills:

• Cybersecurity governance and compliance expertise
• Vendor and third-party risk assessment
• Knowledge of PCI-DSS, NIST, ISO 27001

Preferred Skills:

• GRC tool proficiency (e.g., ServiceNow, OneTrust)
• Secure coding principles
• Security architecture design
• Privacy and data protection knowledge

Additional Skills:

• Internal control frameworks and mappings
• Logical access control
• Risk remediation and control design
• Gap analysis
• Information security and network security
• Contract negotiation with procurement and legal teams
• Cybersecurity awareness training delivery
• Microsoft Office, PowerBI, Visio proficiency

Benefits:

• Medical, Vision, and Dental Insurance Plans
• 401k Retirement Fund

About the Client:
A leading public transit infrastructure organization committed to safety, regulatory compliance, and secure operations, focusing on risk management and cybersecurity governance. About GTT:
GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. As a Native American-owned, economically disadvantaged corporation, we highly value diverse and inclusive workplaces. Our clients are Fortune 500 banking, insurance, financial services, and technology companies, along with some of the nation’s largest life sciences, biotech, utility, and retail companies across the US and Canada. We look forward to helping you land your next great career opportunity! 25-24597 #gttca #LI-GTT #LI-Hybrid