Senior Risk​/Compliance Specialist

Role

Title:

Senior Risk / Compliance Specialist

Department: Risk, Security & Governance

Employment Type: Full-Time / Contract

Location: Hybrid, Downtown Toronto

The Senior Risk / Compliance Specialist is responsible for leading enterprise technology risk assessments, evaluating internal control effectiveness, and ensuring alignment with regulatory, security, and governance requirements. This role provides subject matter expertise across risk management, control design, and compliance monitoring within complex technology environments.

The position partners with technology, security, audit, and business stakeholders to identify control gaps, design remediation strategies, and provide advisory support to senior leadership on risk posture and compliance obligations.

• 7+ years experience Strong understanding of internal control frameworks, control mappings
• 7+ years experience Technical concepts: logical access control, agile development process
• 7+ years experience Expertise in gap analysis, remediation, control design and risk assessments

• Plan and execute risk assessments across systems, applications, infrastructure, and business processes
• Analyze data from multiple sources to identify risk exposure and control weaknesses
• Evaluate control design and operating effectiveness
• Maintain risk registers and assessment documentation

• Design, document, and evaluate internal controls aligned to regulatory and organizational requirements
• Map controls to applicable frameworks and standards
• Define scope and control boundaries for assessments and audits
• Support development and enhancement of governance processes

• Perform structured gap analysis against policies, standards, and control frameworks
• Develop risk remediation plans with measurable outcomes
• Track remediation progress and validate implementation
• Support issue management and risk treatment lifecycle

• Interpret legislation, standards, and internal policy requirements
• Translate compliance obligations into actionable operational and technical controls
• Provide advisory guidance to technical teams and management

• Assess risk across technical domains including:
• Logical access and identity controls
• Security architecture
• Information security programs
• Network security
• Data protection and privacy controls
• Evaluate risk implications of new technologies and system changes

• Prepare risk and compliance reports for management and executive audiences
• Communicate findings, risk exposure, and remediation priorities
• Support audit readiness and regulatory review activities
• Collaborate with cross-functional teams to implement risk mitigation strategies

• Strong understanding of internal control frameworks and control lifecycle management
• Experience with control mapping, control testing, and control effectiveness evaluation
• Expertise in risk assessment methodologies and risk scoring models
• Knowledge of security and technology risk domains including identity management, network security, secure development, and data protection
• Experience interpreting regulatory and compliance requirements
• Strong documentation and technical reporting capabilities

Experience working with one or more of the following is strongly preferred:

• Information security and risk management frameworks
• Control-based compliance frameworks
• Enterprise governance and risk management models

• Governance, Risk, and Compliance (GRC) platforms
• Risk and control documentation systems
• Security and audit evidence management tools
• Data analysis and reporting tools

• Minimum 7 years of experience in risk management, compliance, IT audit, or security governance
• Demonstrated experience performing risk assessments and control evaluations in technology environments
• Proven experience conducting gap analysis and managing remediation programs
• Experience advising senior stakeholders on risk and compliance matters
• Strong verbal and written communication skills

• Professional certifications in risk, audit, security, or governance disciplines
• Experience supporting regulatory reviews or external audits
• Background in complex enterprise or regulated environments
• Risk assessment reports and risk registers
• Control design and evaluation documentation
• Gap analysis findings and remediation plans
• Executive risk and compliance reporting
• Audit and regulatory support documentation

Collaborates with:
Technology, Security, Risk, Audit, Legal, and Business Units

• Timely completion of risk assessments
• Reduction in control gaps and unresolved risk items
• Effective remediation implementation
• Audit readiness and compliance posture improvement
• Clear and actionable executive risk reporting