Senior IT Risk and Compliance Analyst
About the role
Our client has an immediate opening for a Senior IT Risk and Compliance Analyst to join their team in Mississauga.
In your new role as a Senior IT Risk and Compliance Analyst, you will support and strengthen the enterprise-wide IT Risk and Compliance program. You will work closely with the Director to design, implement, and monitor risk and control initiatives that align with regulatory requirements, internal policies, and client expectations. This role offers the opportunity to contribute meaningfully to the organization's overall risk posture while collaborating with cross-functional teams across the organization.
This is a hybrid role with requirements to be on site 3 days a week, providing a balance between remote flexibility and in-person collaboration.
Responsibilities:
Lead the ongoing execution and effectiveness of the IT Risk and Compliance program, ensuring technology risks are identified, assessed, monitored, and reported across infrastructure, applications, cloud platforms, and related processes.
Maintain the IT risk register, capturing assessment results, emerging risks, and control trends, and ensuring risk information is current, consistent, and decision-useful.
Prepare and maintain IT risk reporting, including KRIs, KPIs, dashboards, and analysis used to support audits, client discussions, and management oversight.
Perform control testing activities, identify control gaps, deficiencies, and thematic issues, and validate remediation actions to confirm issues are addressed in line with internal requirements, regulatory expectations, and client commitments.
Act as the primary point of contact for IT risk and compliance matters during internal audits, external audits, client assessments, and third-party reviews, including PCI DSS, CCM, and ISO 27001 certifications, engaging directly with auditors, assessors, and stakeholders.
Review, validate, and maintain audit and assessment evidence, ensuring submissions are accurate, complete, traceable, and aligned with stated control objectives and risk assertions.
Execute ongoing IT risk and compliance activities, including access and privilege reviews, firewall rule reviews, SOC report reviews, social engineering simulations, and exception tracking, ensuring issues are appropriately risk-rated and documented.
Review and assess the results of penetration testing, vulnerability assessments, and similar technical testing, validate remediation actions, and track findings through to closure.
Support the issue management lifecycle, including documenting findings, validating corrective actions, and supporting risk acceptance where residual risk remains.
Collaborate with Legal, Privacy, Vendor Management, Enterprise Risk, Corporate Security, and Sales to support contract reviews, vendor assessments, and client due-diligence activities.
Review IT policies, architecture artefacts, and solution designs to assess alignment with existing controls and security requirements, providing practical, risk-based input.
Provide technical guidance and support to ensure consistent assessment practices, evidence quality, and sound professional judgment across the team.
What You Need to Succeed:
Education: Post‑secondary diploma or university degree in a related discipline, or an equivalent combination of education, training, and relevant experience. Relevant professional certification(s) in IT audit, security, cloud security, or risk management (e.g., CISA, CISSP, CISM, CRISC, CGEIT, CCSK, CCSP, or equivalent), preferred.
Experience: Minimum of five (5) years of practical, hands‑on experience executing IT risk assessments, technical control testing, and audit support activities within IT Risk Management, Information Security, IT Audit, or IT Risk and Compliance functions. Experience operating in banking, financial services, or other highly regulated enterprise environments, with direct responsibility for reviewing technical evidence, assessing control effectiveness, and supporting internal and external audits.
Skills and Knowledge: Solid understanding of the technology threat landscape and applicable regulatory and security expectations. Strong working knowledge of industry-recognized IT control frameworks and standards, including PCI DSS, NIST SP 800-53, ISO/IEC 27002, COBIT, AICPA Trust Services Criteria (SOC 2), CSA Cloud Controls Matrix (CCM), and Government of Canada Protected B security requirements. Experience using GRC tools to support IT risk assessments, control testing, issue management, and risk reporting. Awareness of industry trends and emerging practices related to IT risk management, compliance, cloud security, and third-party risk.
About Hays
We are leaders in specialist recruitment and workforce solutions, offering advisory services such as learning and skill development, career transitions and employer brand positioning.
As the Leadership Partner to our customers, we invest in lifelong partnerships that empower people and businesses to succeed. We help you achieve your career goals and deliver your business needs by combining meaningful innovation with our global scale and insights.
Last year we helped over 280,000 people find their next career. Join the millions of people around the world that our specialist recruitment consultants provide with up-to-date information on career options, interesting insights and specific industry trends.
We help our customers define and implement strategies to create inclusive and equitable workplaces. Through harnessing and analysing data, we support business decision making and advise on how to access Talent Networks. We also assist in identifying attractive employer propositions by truly understanding a company’s identity, and support clients with all aspects of their Early Careers proposition, from strategic planning through to operational execution.
Hays is the market leader in the UK and Asia Pacific and one of the market leaders in Continental Europe and Latin America. The c.12,800 people we employ around the world partner with clients and candidates to power the world of work. Every day our expert consultants help thousands of candidates find their next role, and they also help clients reshape workforces and deal with talent shortages. In the year to 30 June 2021, we placed 77,000 people in permanent jobs and 244,000 people into temporary roles. For more information about our global network, strategy and Group financial results, visit www.haysplc.com