ITAM Analyst

Job Description

We are seeking a highly skilled Senior Risk/Compliance Specialist to lead and support cybersecurity governance, risk, and compliance efforts. The successful candidate will coordinate and perform risk assessments, interpret security standards and legislation, and drive the implementation of policies, controls, and processes that align with enterprise risk and compliance objectives.
Key Responsibilities:

Lead security and vendor risk assessments, identify risks and gaps, and develop mitigation strategies for third-party vendors.

Conduct in-depth assessments of vendor security domains and prepare reports for stakeholders and executive management.

Develop and implement cybersecurity governance frameworks, policies, and procedures with cross-functional teams.

Support audits, regulatory and compliance activities through detailed documentation and analysis.

Collaborate with project teams, solution architects, and operations to ensure the integration of appropriate security controls.

Identify and recommend security requirements and controls during solution design and procurement processes.

Work with Enterprise Architecture and Security teams to ensure solutions align with compliance standards and policies.

Act as a subject matter expert on cybersecurity during project-based initiatives.

Assist in developing governance artifacts, processes, and standards within the Cybersecurity Risk Management and Governance Program.

Conduct ongoing compliance reviews against organizational and regulatory standards (e.g., Metrolinx policies).

Provide technical advice and support during implementation of security controls and corrective action plans.

Communicate risk and compliance updates across cybersecurity teams, internal stakeholders, and leadership.

Required

Experience and Skills:

7+ years of experience in information security, including work on large-scale security projects.

Demonstrated expertise in security governance, risk management, and compliance.

In-depth knowledge of internal control frameworks and technical concepts including logical access control, secure coding, and network security.

Experience conducting gap analysis, risk assessments, and designing remediation strategies.

Familiarity with GRC tools (e.g., Service Now, One Trust, Audit Board) is a strong asset.

Strong working knowledge of standards and regulations such as ISO 27001, NIST, PCI-DSS.

Proven experience in third-party risk management and defining contractual security requirements in procurement lifecycles.

Excellent verbal and written communication skills, with ability to convey complex technical concepts to diverse audiences.

Ability to work independently and prioritize tasks in a fast-paced, multi-project environment.

Proficient with Microsoft Office tools including Word, Excel, PowerPoint, Power BI, and Visio.