Senior Security Analyst – Information Security Governance
Job Summary
Position Summary
The Senior Security Analyst, Information Security Governance, plays a critical role in advancing and operating IFS's Information Security Governance program. This role serves as a senior individual contributor and subject matter expert responsible for security frameworks, audits, trust programs, third-party risk, cybersecurity risk management, and governance platforms.
This position partners closely with GRC, Security, R&D, Engineering, IT, Legal, Procurement, and Sales to ensure that security controls are defensible, auditable, scalable, and aligned with business objectives. The role is central to external assurance, customer trust, executive reporting, and enterprise risk transparency.
Key Responsibilities
Business Enablement & Trust Support
- Represent Information Security during RFPs, RFIs, customer security questionnaires, and due diligence activities.
- Provide ongoing Information Security support during customer audits, assessments, and evaluations.
- Maintain and continuously improve customer-facing trust artefacts, including Trust Centers, security documentation, and compliance attestations.
Compliance & Audit Management
- Act as a key Information Security stakeholder for SOC 2 and ISO/IEC 27001 assessments and ongoing renewals.
- Own the security evidence lifecycle, including documentation, testing artefacts, remediation tracking, and auditor engagement.
- Coordinate with internal stakeholders to ensure timely closure of audit findings and corrective actions.
Information Security Management System (ISMS)
- Lead Information Security governance activities related to policies, standards, control frameworks, and procedures.
- Produce, maintain, and evolve ISMS documentation to ensure alignment with regulatory, contractual, and business requirements.
- Support continuous improvement of the security governance program.
Trust, Risk, and Compliance Programs & Platforms
- Design, implement, integrate, and operate Trust Management, Compliance Automation, and Third-Party Cyber Risk Management platforms.
- Maintain control mappings across regulatory frameworks, customer requirements, and internal security standards.
- Integrate governance platforms with enterprise systems (identity, cloud, endpoint, ticketing, GRC tools).
- Ensure platform data quality, scoring rationale, and audit defensibility for executives, customers, and regulators.
Third-Party Risk Management (TPRM)
- Lead third-party security posture assessments, including vendor onboarding, tiering, reassessments, and continuous monitoring.
- Partner with Procurement, Legal, and business owners to ensure vendor risks are understood, documented, and managed throughout the lifecycle.
- Support vendor remediation tracking and risk acceptance processes.
Cybersecurity Risk Management
- Lead the design and operation of the Cybersecurity Risk Management program, including:
  - Risk identification and analysis
  - Program and posture assessments
  - Exception handling and risk acceptance
  - Maintenance of the cybersecurity risk register
- Produce clear, executive-ready risk reporting and recommendations aligned to enterprise risk tolerance.
Metrics, Reporting & Executive Visibility
- Define, track, and report Information Security KPIs and KRIs.
- Support organizational reporting on security posture trends and program maturity.
- Provide clear, business-aligned insights suitable for senior leadership and board-level audiences.
Qualifications :
Required Experience
- 5 years of experience in Information Security Governance, GRC, Risk Management, Audit, or Compliance.
- Strong working knowledge of SOC 2, ISO/IEC 27001, and security control frameworks (e.g., NIST CSF, CIS Controls).
- Hands-on experience supporting third-party risk management and vendor security assessments.
- Experience operating or administering GRC, compliance automation, or trust platforms.
- Proven ability to communicate security and risk concepts clearly to technical and non-technical stakeholders.
Preferred Experience
- Experience with data protection, DLP, or AI security governance.
- Familiarity with cloud platforms such as Microsoft Azure and Amazon AWS from a governance, control, or risk perspective.
- Experience supporting customer-facing security engagements in SaaS or enterprise software environments.
Education & Certifications
- Bachelor's degree in cybersecurity, information assurance, computer science, or related field (or equivalent experience).
- Certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly valued.
- Cloud or provider certifications (Azure, AWS) are considered an asset.
Additional Information :
What We're Offering
- Salary Range: $90,000 CAD - $110,000 CAD
- Variable Company Bonus Plan
- Permanent Full-time
- Flexible paid time off, including sick and holiday
- Medical, dental & vision insurance
- RRSP Company contribution
- Life insurance and disability benefits
- Tuition assistance
- Community involvement and volunteering events
We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best while also engaging with colleagues to share ideas and build meaningful relationships.
Remote Work :
No
Employment Type :
Full-time
About Company
We are growing! At IFS, we are constantly growing to deliver award-winning solutions to hundreds of partners and thousands of customers worldwide! We help companies who want to be their best when it matters most, at their #momentofservice. Visit https://ifs.link/IzM0px to find out mo ...