Senior IT Compliance & Cyber Risk Analyst

Senior IT Compliance & Cyber Risk Analyst

Location: Toronto, ON (Hybrid)
Contract: 12 months, Renewable
Type: Contract

Our client is seeking a Senior IT Compliance & Cyber Risk Analyst to support enterprise compliance, audit readiness, and risk management initiatives within a regulated environment. This role focuses on PCI-DSS and GxP (with an emphasis on GMP) from a technology, cybersecurity, and audit perspective
, with additional exposure to third-party risk management (TPRM) and broader cybersecurity governance. The successful candidate will lead compliance assessments, support audits, conduct internal training, and partner closely with IT, Security, and business stakeholders.

• Act as a subject matter expert for PCI-DSS and GxP/GMP compliance
  , supporting ongoing assessments, remediation tracking, and audit readiness.
• Conduct IT and cybersecurity risk assessments
  , including control design, effectiveness testing, and gap analysis.
• Support and coordinate internal and external audits
  , including evidence collection, walkthroughs, and issue remediation.
• Perform impact assessments and root-cause analysis related to cybersecurity incidents and compliance findings.
• Assist in the development, maintenance, and enforcement of information security, privacy, and technology compliance policies, standards, and procedures
  .

• Participate in vendor onboarding and ongoing vendor reviews
  , including security questionnaires, risk scoring, and remediation follow-ups.
• Evaluate third-party controls related to data protection, access management, and regulatory compliance
  .

• Design and deliver internal training programs covering cybersecurity best practices, compliance requirements, and audit readiness.
• Create user-friendly materials, guidelines, and awareness content to support ongoing compliance adoption across the organization.

• Develop and maintain compliance and risk dashboards to report status, trends, and key risk indicators to senior leadership.
• Monitor emerging regulatory and cybersecurity threats and recommend mitigation strategies.

• 5+ years of experience in IT compliance, cybersecurity risk, or technology audit roles.
• Demonstrated hands-on experience with PCI-DSS and GxP (GMP) compliance in regulated environments.
• Experience supporting audit activities
  , including control testing, documentation, and remediation tracking.
• Proven ability to design and deliver internal training related to cybersecurity and compliance.
• Strong stakeholder engagement skills with the ability to translate regulatory requirements for non-technical audiences.

• One or more of the following:
  CISA, CISSP, CISM
  .
• Additional compliance or risk certifications are considered an asset.

• Experience with TPRM programs
  , vendor risk assessments, and security questionnaires.
• Exposure to SOX
  , data privacy regulations, or formal GRC tooling
  .
• Experience helping build or mature enterprise cybersecurity or technology compliance programs
  .

• Deep, practical experience with PCI and GMP/GxP
  , not just awareness.
• Comfortable operating in audit-heavy, regulated environments
  .
• Able to deliver hands-on compliance execution while also training and enabling internal teams.
• Strong balance of risk, audit, and communication skills
  .