Senior Cyber Security Risk Analyst

We are seeking a Senior Cyber Security Risk Analyst to join our Toronto client's team.

In this pivotal role, you will lead the creation of comprehensive cyber system risk reports, translating complex technical findings from penetration tests and Threat and Risk Assessments (TRAs) into actionable business insights for senior stakeholders.

As a senior member of the team, you will champion industry-standard frameworks and leverage ServiceNow GRC to maintain, mature, and safeguard the organization’s overall cyber risk posture.
Key Responsibilities

• Lead Risk Reporting: Oversee and manage the cyber risk reporting queue, ensuring the delivery of high-quality, executive-ready risk assessments.
• Apply Standard Methodologies: Utilize NIST and HTRA methodologies to rigorously assess, quantify, and communicate technical risks.
• Drive GRC Excellence: Document, track, and manage the lifecycle of risks, treatment plans, and remediation efforts within ServiceNow GRC.
• Translate Tech to Business: Bridge the gap between engineering and the boardroom by converting complex technical vulnerabilities into clear, high-impact business risk statements for non-technical leadership.
• Support Governance & Audits: Act as a trusted advisor during governance forums and internal audits, providing articulate verbal and written risk communications.
• Innovate Securely: Leverage AI-assisted tools to streamline content generation and report optimization, while strictly maintaining data confidentiality and privacy boundaries.

Education & Experience

• Education: University Degree or College Diploma in Computer Science, Information Security, Risk Management, or a related field.
• Experience: 5 years of progressive experience in cyber security, IT audit, or technology risk management.
• Executive Reporting: 3 years of dedicated experience crafting executive-grade risk reports and presentations for C-suite or steering committees.

Technical & Core Competencies

• Framework Expertise: Deep practical experience applying NIST frameworks (e.G., CSF, 800-53) and HTRA methodologies.
• Tooling: Hands-on, administrative, or advanced user experience with ServiceNow GRC (Integrated Risk Management).
• Vulnerability Acumen: A strong understanding of common technical vulnerabilities (OWASP Top 10, CVEs) and the unique ability to map them to operational and financial business impacts.
• Communication: Exceptional communication and storytelling skills, with the ability to influence stakeholders and defend risk ratings with data-driven logic.
  
• Relevant professional certifications (e.G., CRISC, CISM, CISSP, or CISA).
• Experience integrating AI workflows into daily risk analysis safely.