Sr. Analyst,Governance,Risk,and Compliance Job Toronto area,Ontario Canada,IT/Tech

What is the Opportunity?

We are seeking a Senior Analyst, Security Risk & Compliance to join our Governance, Risk, and Compliance team. This role is pivotal in strengthening Aecon’s security posture and ensuring alignment with industry standards and regulatory requirements.

What You'll Do Here:

Conduct comprehensive security risk assessments for new and existing services, applications, technologies, and vendors. Clearly document and communicate findings to relevant stakeholders.

Provide expert consultative advice to Information Services (IS) and business units to support informed risk management decisions.

Recommend and implement appropriate controls to address identified security risks and enhance organizational security.

Identify opportunities to improve processes for security risk identification and management.

Design, operate, and manage a compliance framework aligned with ISO 27001, including associated controls.

Develop and maintain information security governance documentation, including policies, standards, procedures, and guidelines.

Collaborate with Internal Audit, Legal, Privacy, and other stakeholders to ensure IS policies and controls meet all regulatory and organizational requirements.

Facilitate audits and risk reviews with internal/external auditors, clients, and business teams; ensure timely response and track remediation to closure.

Monitor the effectiveness of security controls through the design and implementation of KPIs and KRIs for reporting.

Prepare periodic reports and presentations for senior management, steering committees, and the board of directors.

Assess security controls of vendors and third parties safeguarding company assets through contract and compliance reviews.

Conduct monthly compliance reviews with security service providers to ensure adherence to SLAs and contractual requirements.

Provide backup support for other security team members as needed.

What You Bring to the Team:

Bachelor's degree in Computer Science, Information Security, or a related field.

Professional certifications such as CISM, CISA, CRISC, or CISSP are considered assets.

Minimum 8 years of experience in IT, with at least 5 years in information security/compliance or IT audit, and 3 years in security risk management.

In-depth knowledge of legal and regulatory compliance standards (e.g., GDPR, PCI-DSS, PHIPA, ISO 27001, NIST).

Strong understanding of computer networking concepts, protocols, and IT security methodologies.

Ability to adapt to evolving technical, regulatory, and compliance environments.

Demonstrated results orientation, energy, and self-motivation.

Excellent verbal and written communication skills.

Proven ability to work collaboratively within a team environment.

Strong analytical and problem-solving skills.

Capacity to manage multiple priorities and meet tight deadlines.

Core Competencies

Stakeholder Management:
Ability to influence with and without direct authority; high emotional intelligence and organizational awareness.

Business Acumen:
Deep understanding of business operations, trends, and technologies impacting the organization.

Adaptive Thinking:
Effective change leadership and critical thinking skills; sound analysis and logical reasoning.

Decision Making:
Sound judgment and decision-making in complex, dynamic environments; innovative risk orientation.

Influencing:
Ability to positively influence colleagues and gain genuine agreement.

Problem Solving:
Proficient in applying logic and techniques to resolve complex issues; skilled in asking probing questions to achieve optimal outcomes.


Increase/decrease your Search Radius (miles)



Job Posting Language

Sr. Analyst, Governance, Risk, and Compliance