Information Security Analyst (AI / First Line of Defense) WTL, ON

About The Position

Requirements

• Degree in Computer Science, Information Technology, Data Science, Business Administration, or equivalent educational and professional experience.
• 5 years of experience in Information Risk Management, including vendor risk management, project risk management, IT audit, or IT controls assessment.
• Experience across multiple information security disciplines, including network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, and cybersecurity.
• Deep knowledge of cloud computing security and IaaS, PaaS, and SaaS environments.
• Familiarity with regulatory and security frameworks such as NIST, ISO 27001, GDPR, Sarbanes-Oxley, and the EU AI Act.
• Strong communication and influencing skills with the ability to promote AI governance and risk management practices.
• Strong presentation and facilitation skills for a variety of audiences, including senior leadership.
• Excellent problem-solving and analytical abilities, with an innovative approach to information security risk management.
• Proven ability to build and maintain effective relationships with stakeholders and cross-functional teams.
• Strong organizational and time management skills, with the ability to manage multiple priorities in a changing environment.
• Collaborative team player with strong interpersonal skills and a proactive mindset.
• Passion for advancing AI governance and information security practices.

Nice To Haves

• Professional certifications such as CISSP, CRISC, CISM, or CISA are considered an asset.
• Understanding of the financial services industry and its regulatory requirements is preferred.

Responsibilities

• Perform information risk assessments for projects, technologies, and generative AI initiatives by identifying risks, defining controls, and tracking control implementation.
• Conduct comprehensive assessments of IaaS, PaaS, SaaS, and generative AI projects, identifying and mitigating associated risks.
• Develop and implement governance frameworks for generative AI aligned with global information risk assessment methodologies.
• Collaborate with cross-functional teams to integrate risk frameworks with architecture reviews, project risk management processes, and business continuity and disaster recovery activities.
• Design, document, and implement business-as-usual security controls applicable to cloud-based infrastructure, platforms, and services.
• Evaluate products for implementing security controls in cloud and on-premises environments.
• Manage competing priorities to ensure timely completion of governance assessments and updates.
• Participate in project meetings to provide guidance on risks, impacts, and security considerations, while delivering timely updates to stakeholders.
• Ensure all information risk assessments are peer-reviewed for completeness before distribution to stakeholders.
• Support operational security activities, including incident response, vulnerability management, and firewall reviews.
• Deliver training to stakeholders on information risk assessment processes and security best practices.
• Respond to audits, regulatory reviews, risk and control self-assessments, and related inquiries.
• Stay informed about emerging AI technologies, evolving threats, and developments in AI governance.

Benefits

• Salaried: $55-65 per hour.
• Incorporated Business Rate: $65-75 per hour.
• 6-month contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Hybrid work arrangement (3 days on-site).