Cyber Security Risk Analyst - Assurance

We are looking to fill the position of Cyber Security Risk Analyst – Assurance, with a planned start date of July 27, 2026, for a 1.5-year term with the possibility of a 6-month extension. This is a remote role requiring Secret clearance status (or eligibility to obtain it by residing in Canada for a minimum of 5 years.) The successful candidate will work under the direction of the Assistant Director, Cyber Security Assurance to produce executive-grade cyber risk reports, translating complex technical findings from Threat and Risk Assessments (TRAs) and penetration tests into clear, actionable insights for business stakeholders. The role involves applying cyber risk frameworks such as NIST (CSF, SP 800-30, SP 800-53) and HTRA, supporting governance activities, and documenting risks within ServiceNow GRC, including risk registers, treatment plans, and remediation tracking.

The ideal candidate holds a university degree or college diploma in computer science, information security, risk management, or a related field, with at least 5 years of experience in cyber security or technology risk, including 3 years producing executive-level cyber risk reporting. Strong experience is required in ServiceNow GRC, cyber risk frameworks (NIST, HTRA), and translating technical vulnerabilities into business impact and remediation guidance. Additional strengths include knowledge of common cyber threats and mitigation strategies, excellent written and verbal communication skills, and the ability to work independently in a fast-paced environment. Assets include experience with ISO 27001/27002/27005, third-party and cloud risk management, AI-assisted analysis tools, and familiarity with regulated financial environments and Canadian federal cyber security standards.