Intermediate Security GRC Analyst
Top Benefits
About the role
Tech Talent International (SI) supplies technical talent to a variety of clients ranging from Fortune 100/500/1000 companies to small and mid-sized organizations in Canada/US and Europe. We currently have a role as a Intermediate Security GRC Analyst with our large consulting client on a long term project with a major banking client in the downtown Montreal area.
Role: Intermediate Security GRC Analyst Type: Permanent Location: Hybrid - Downtown Montreal, QC -(roles starts off 5 days in office for 1st 3 months, then turns into hybrid setup 3 days onsite, 2 days from home) Salary: $100,000 - $105,000 + 9% bonus + 3-5 weeks paid vacation + RRSP contribution + benefits + sick/personal day
Position Overview
RESPONSIBILITIES Manage the cyber regulatory compliance program by assessing requirements, collecting supporting evidence, and maintaining documentation Monitor regulatory, privacy, and cybersecurity best practice changes; apply GRC expertise across products, practices, and procedures Liaise with internal and external auditors to implement and maintain controls for compliance and privacy laws Manage cybersecurity examinations from 2LoD, 3LoD (internal audit), and external audits Track and manage findings and recommendations from audits and examinations Collect and automate DFS500 metrics and reporting to demonstrate risk reduction Improve and industrialize operating models (evidence collection, reporting, documentation, and repeatable processes) Challenge and enhance current practices related to regulatory exams, findings management, reporting, and control assessment Perform security risk assessments using industry frameworks (NIST CSF, ISO 27001, CRI Profile, etc.) to identify residual risks and gaps Conduct periodic reviews of security controls, evaluating design, coverage, and effectiveness Identify control weaknesses and support remediation planning Ensure compliance with regulatory, client, and internal cybersecurity requirements Automate and streamline GRC framework processes Collaborate with Audit, Cyber Risk, Legal, Compliance, IT, Risk Management, and business teams to align GRC with business objectives Contribute to reporting frameworks, delivering metrics and insights on security posture Analyze trends in security events and activities to identify risks and gaps
REQUIREMENTS
Mandatory Minimum 5 years of experience in Security GRC, IT Risk, Cyber Risk, IT Audit, or Regulatory Compliance Strong knowledge of security frameworks (NIST CSF, ISO 27001, COBIT, CRI Profile, etc.) Solid understanding of security domains: application security, infrastructure security, vulnerability management, IAM, data protection, incident management, third-party risk, cloud security Experience managing audits, regulatory examinations, and compliance programs Strong analytical, problem-solving, communication, and documentation skills Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience Proficiency with MS Office and project management methodologies
Nice to have Experience with GRC tools (preferably RSA Archer) Professional certifications (CISSP, CISM, CISA, CRISC, CCSP, Security+, CCSK, GSEC, etc.)
Not the right fit? Search for Security GRC Analyst jobs in Montreal, Quebec, Canada
About Tech Talent International
Tech Talent International is boutique recruitment firm based out of the Toronto Canada. We are provide contract and permanent staffing services to a variety of clients ranging from F1000s to startups across Canada/US and the world.
Similar Jobs
Intermediate Security GRC Analyst
Top Benefits
About the role
Tech Talent International (SI) supplies technical talent to a variety of clients ranging from Fortune 100/500/1000 companies to small and mid-sized organizations in Canada/US and Europe. We currently have a role as a Intermediate Security GRC Analyst with our large consulting client on a long term project with a major banking client in the downtown Montreal area.
Role: Intermediate Security GRC Analyst Type: Permanent Location: Hybrid - Downtown Montreal, QC -(roles starts off 5 days in office for 1st 3 months, then turns into hybrid setup 3 days onsite, 2 days from home) Salary: $100,000 - $105,000 + 9% bonus + 3-5 weeks paid vacation + RRSP contribution + benefits + sick/personal day
Position Overview
RESPONSIBILITIES Manage the cyber regulatory compliance program by assessing requirements, collecting supporting evidence, and maintaining documentation Monitor regulatory, privacy, and cybersecurity best practice changes; apply GRC expertise across products, practices, and procedures Liaise with internal and external auditors to implement and maintain controls for compliance and privacy laws Manage cybersecurity examinations from 2LoD, 3LoD (internal audit), and external audits Track and manage findings and recommendations from audits and examinations Collect and automate DFS500 metrics and reporting to demonstrate risk reduction Improve and industrialize operating models (evidence collection, reporting, documentation, and repeatable processes) Challenge and enhance current practices related to regulatory exams, findings management, reporting, and control assessment Perform security risk assessments using industry frameworks (NIST CSF, ISO 27001, CRI Profile, etc.) to identify residual risks and gaps Conduct periodic reviews of security controls, evaluating design, coverage, and effectiveness Identify control weaknesses and support remediation planning Ensure compliance with regulatory, client, and internal cybersecurity requirements Automate and streamline GRC framework processes Collaborate with Audit, Cyber Risk, Legal, Compliance, IT, Risk Management, and business teams to align GRC with business objectives Contribute to reporting frameworks, delivering metrics and insights on security posture Analyze trends in security events and activities to identify risks and gaps
REQUIREMENTS
Mandatory Minimum 5 years of experience in Security GRC, IT Risk, Cyber Risk, IT Audit, or Regulatory Compliance Strong knowledge of security frameworks (NIST CSF, ISO 27001, COBIT, CRI Profile, etc.) Solid understanding of security domains: application security, infrastructure security, vulnerability management, IAM, data protection, incident management, third-party risk, cloud security Experience managing audits, regulatory examinations, and compliance programs Strong analytical, problem-solving, communication, and documentation skills Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience Proficiency with MS Office and project management methodologies
Nice to have Experience with GRC tools (preferably RSA Archer) Professional certifications (CISSP, CISM, CISA, CRISC, CCSP, Security+, CCSK, GSEC, etc.)
Not the right fit? Search for Security GRC Analyst jobs in Montreal, Quebec, Canada
About Tech Talent International
Tech Talent International is boutique recruitment firm based out of the Toronto Canada. We are provide contract and permanent staffing services to a variety of clients ranging from F1000s to startups across Canada/US and the world.