Senior Information Risk Management Analyst – GenAI
Drive innovation in cybersecurity and information risk within the insurance sector through a hybrid contract role based in Toronto. Leverage Generative AI, oversee third-party risk, and apply frameworks like NIST and ISO 27001 while contributing to regulatory compliance and strategic oversight in a high-impact environment.
What is in it for you:
• Salaried: $70-85 per hour.
• Incorporated Business Rate: $85-100 per hour.
• 4-month contract.
• Full-time position: 37.50 hours per week.
• Weekday schedule from 9 am to 5 pm.
• Flexible scheduling available: 8 am to 4 pm or 10 am to 6 pm.
• Hybrid work: in-office Tuesday to Thursday.
• Opportunity to work in a dynamic and professional environment.
• Join a passionate and inclusive team of professionals.
Responsibilities:
• Execute Generative AI prompts to evaluate vendor contracts and assess control evidence.
• Identify gaps or deficiencies in first-line documentation and challenge weak risk assessments.
• Validate Generative AI outputs for policy alignment and regulatory compliance.
• Develop best-practice guides for AI implementation in contract and risk review processes.
• Support the Control Self-Assessment (CSA) process by validating business-critical evidence.
• Perform second-line reviews of onboarding, offboarding, and exit strategy simulations.
• Monitor long-term third-party relationships for policy adherence.
• Recommend and track mitigation plans, ensuring alignment with cybersecurity frameworks.
• Collaborate with business and functional stakeholders to advise on risk treatment and oversight.
What you will need to succeed:
• Bachelor’s degree in a related field (e.g., Information Security, Computer Science, Risk Management, or similar).
• Professional certifications such as CISSP or CISA (preferred).
• 5+ years of experience in Information Security, Technology Risk, Business Resiliency, or third-party/vendor risk management.
• 2+ years’ hands-on experience applying Generative AI within cybersecurity or risk frameworks.
• Expertise in Independent Oversight, with strong advisory and consulting skills in risk management.
• Deep understanding of IRM best practices, including cybersecurity, privacy, and business continuity.
• Advanced knowledge of IT and security standards: ISO 27001, NIST CSF, NIST 800 series, COBIT, and ITIL.
• Strong written and verbal communication skills, with the ability to present complex topics to executive and non-technical audiences.
• Strategic thinker with proven ability to assess risk, challenge assumptions, and influence outcomes.
• Familiarity with cloud platforms such as Azure (preferred).
• Experience working in regulated environments across North America and Asia (preferred).
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach to job seekers and businesses. Only candidates who match hiring criteria will be contacted.
MFCJP00015394