IT Contract Analyst (MSAs, SOWs, NDAs)
Share
Job Location:
Monthly Salary:
Posted on:
Vacancies:
Job Summary
IT Contract Analyst (MSAs SOWs NDAs)
Dynamic opportunity in the insurance industry focused on IT vendor contract review cybersecurity controls and third-party risk oversight. This hybrid Toronto-based role supports enterprise vendor governance contract negotiation and regulatory compliance while partnering with Legal Procurement and Risk teams in a complex fast-paced environment.
What is in it for you:
Salaried: $40-46 per hour.
Incorporated Business Rate: $50-56 per hour.
6-month contract with the potential for permanent employment.
Full-time position: 37.50 hours per week.
Weekday schedule from 8:30 am to 5:00 pm.
Remote on Monday and Friday; on-site Tuesday to Thursday.
Responsibilities:
Review IT vendor contract clauses and language to ensure alignment with internal contract standards and information security requirements.
Analyze supplier agreements to identify risks related to data protection cybersecurity controls and regulatory compliance.
Recommend and draft appropriate contractual clauses and safeguards based on vendor products and services.
Provide guidance to internal stakeholders and Legal teams by outlining contractual risks and proposing mitigation approaches.
Respond to internal inquiries regarding vendor contracts and contractual obligations.
Initiate reviews of existing vendor contracts with internal business units when required.
Support Procurement during vendor negotiations by advising on contract clauses and exceptions.
Collaborate with Vendor Information Security Management and Vendor Governance teams on contract risk matters.
Monitor evolving laws regulations and industry guidance that may impact contractual language or vendor risk requirements.
Translate complex contractual or technical concepts into clear language for vendors and internal stakeholders.
Manage multiple contract reviews while meeting tight timelines and operational priorities.
Work closely with Legal Compliance Risk Procurement and business stakeholders to support vendor governance objectives.
What you will need to succeed:
Bachelors degree in Business Economics Finance or a related discipline.
Industry-recognized certification in IT risk third-party risk management or procurement is considered an asset.
Law degree is considered an asset.
5 years of experience reviewing third-party vendor contracts preferably involving IT services technology vendors or cybersecurity requirements.
Experience in IT risk management third-party risk management procurement or vendor governance.
Strong understanding of IT contract clauses and the ability to assess and recommend appropriate contractual controls.
Foundational knowledge of cybersecurity and information security principles including data protection and data flow concepts.
Knowledge of industry information security or risk frameworks such as NIST 800-53 NIST Cybersecurity Framework (CSF) or ISO 27001 is considered an asset.
Understanding of regulatory expectations impacting third-party contracts within financial services environments including OSFI guidance is considered an asset.
Familiarity with vendor information security questionnaires and risk assessments is considered an asset.
Proficiency with Microsoft Office tools including Word Excel and PowerPoint.
Experience with risk or procurement platforms such as Archer ProcessUnity or Ivalua is considered an asset.
Strong critical thinking organization and problem-solving skills with the ability to manage multiple priorities.
Excellent communication and negotiation skills with the ability to engage stakeholders at various levels of the organization.
Ability to work independently and collaboratively in a fast-paced matrixed and global environment.
Why Recruit Action
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
# MFCJP
