Senior Risk Analyst, Information Security and Technology Risk

Join Payments Canada as a Senior Risk Analyst in Information Security and Technology Risk. You will be responsible for executing and managing information security and technology focused risk assessments, challenging first-line risk inputs, and reporting on risk trends to senior leadership. This is a full-time position with a competitive compensation package, including annual variable bonus and defined contribution pension plan with employer matching percentage.

Requirements

• College or university certificate/diploma/degree in Computer Science, Business, Information Systems/Technology, Cyber Security or related fields.
• Information security certifications, both GRC or technical practitioner focused, are assets including those offered by EC-Council, GIAC/SANS, ISACA or ISC2.
• Information technology certifications are considered assets including TOGAF or cloud/technology specific practitioner certifications.
• AI risk/safety certifications are assets including AAIR, CAISR, RAI, AIGP or TAISE.
• Minimum five (5) years’ combined experience in technical GRC, IT architecture/engineering and/or cyber-security roles demonstrating work experience with cyber security processes and controls or equivalent experience in a first- or second-line role.
• Strong knowledge of some information security domains, which may include GRC (risk assessment governance, processes and technologies), identity and access management, security architecture/engineering, DevSecOps, cloud security, business continuity and disaster recovery, and security operations.
• Knowledge of information technology domains including enterprise architecture (COBIT, TOGAF or SABSA), cloud computing (GCP) and networking.
• Knowledge of AI/ML concepts including machine learning algorithms/models, deep learning concepts (i.e. neural networks, large language models, etc.), AI governance (i.e. NIST AI Risk Management Framework, Cloud Security Alliance AI Controls Matrix, etc.) and AI regulatory landscapes.
• Knowledge of industry security frameworks, standards, laws, regulations including PIPEDA, NIST/CSE, SOC 2, and/or ISO 27001
• Strong communication skills, to effectively brief leadership on risk analysis outcomes to facilitate risk-informed decision-making.
• Cross-functional stakeholder management skills, essential for guiding projects and initiatives to comply with risk lifecycle management requirements.

Benefits

• Flexible, hybrid (remote/office) environment.
• Competitive compensation package, including annual variable bonus and defined contribution pension plan with employer matching percentage (if eligible).
• Comprehensive health and dental benefit coverage, including mental health coverage, life insurance and a health spending account for you and your dependents (Permanent and temporary employees with contracts 12 months and over).
• Paid time off: minimum four weeks paid vacation, sick and personal days, December holiday shutdown and cultural holiday observance days.
• 26 weeks of paid maternity and parental leave top-up (if eligible)