Senior Cyber Security Risk Analyst with Gen AI experience to work with a major financial services client- 15394
S.i. Systems
Toronto, ON
Number of positions available: 1
Salary: To be discussed
Contract job
Published on July 31st, 2025
Starting date: 1 position to fill as soon as possible
Description
Location Address: Toronto or Boston/Hybrid - 3 days onsite per week (onsite Tues, Wed, Thurs)
Contract Duration: asap - 12/15/2025
Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week. 8-4, 10-6
Candidate Value Proposition
• The successful candidate will have the opportunity to be at the forefront of leveraging Generative AI in a dynamic, fast-evolving environment. The successful candidate will bring deep expertise to help shape and operationalize Gen AI capabilities, playing a key role in transforming how we assess risk, manage vendor relationships, and meet evolving OFSI guidelines. If you thrive in a fast-paced environment where agility and innovation intersect, this role offers the chance to directly influence the future of risk oversight through technology.
Position Overview:
This role focuses on leveraging Gen AI to optimize contract review processes and validate first-line defense work in vendor risk assessments. Operating within the second line of defense, the candidate will be responsible for oversight and governance, ensuring policy compliance and challenging assessments where controls are missing or inadequate.
Core responsibilities include:
• Executing Gen AI prompts to assess vendor contracts and align with management assessments
• Reviewing controls and identifying any gaps in the evidence provided by the first line
• Validating Gen AI outputs for consistency and compliance with critical third-party policies and standards
• Developing a user guide for Gen AI implementation, including best practices, tips, and documentation standards
This individual will also support the Control Self-Assessment (CSA) process by validating evidence for business-critical operations and contributing to ongoing control assessments.
If capacity allows, the candidate may support:
• Second-line reviews of third-party onboarding processes
• Execution of exit strategy and simulation reviews per SOPs
• Transition plan assessments for vendor offboarding
• Monitoring long-term third-party relationships for policy adherence
Story Behind the Need
The Global Wealth and Asset Management (GWAM) Information Risk Office (IRO) is seeking a Cybersecurity Generalist! This opportunity is perfect for an enthusiastic and skilled candidate looking to further deepen their expertise in Information Risk Management (IRM) and gain valuable experience in Independent Oversight. The role involves collaborating closely with Business and Central Functions to enhance risk posture. This cybersecurity generalist must seamlessly transition into any risk-related situation and resolve issues competently by leveraging an exceptional cybersecurity skill set. The successful candidate will be a domain specialist across multiple areas, including information security, technology risk, privacy, third-party risk, and business continuity management, collaborating with the global IRM team. This role involves driving the execution of complex and technical information risk processes, including oversight and effective challenge of information risk controls, risk identification and treatment, adherence to local regulatory requirements, and consultation on technology priorities, strategies, and solutions aligned with global information risk policies, standards, and systems. The individual will work closely with the broader IRM team and other partners to ensure alignment with business goals and commitments.
Key Responsibilities:
• Provide oversight and effective challenge within the GWAM segment, ensuring compliance with technology standards and policies, and manage exceptions or deviations.
• Conduct 2nd line reviews and provide expert opinions on risk assessments for third-party vendors and projects, ensuring senior management's informed consent and understanding of risk treatment and acceptance.
• Monitor global technology risk and control assessments, identify key risks and gaps, and track and report on management's corrective action plans as needed.
• Recommend comprehensive mitigation strategies and provide expert guidance on standards interpretation.
• Develop and implement oversight and effective challenge mechanisms for the 1st Line of Defense within the GWAM segment, including managing exceptions and risk acceptance procedures.
Candidate Requirements/Must Have Skills:
1. A minimum of 5+ years of advanced experience in Information Security, Business Resiliency, Technology Risk strategies, third-party/vendor risk, and related principles and processes.
2. 2+ years’ experience with Gen AI capabilities. Expertise in artificial intelligence (AI) technologies and integrating them into cybersecurity frameworks.
3. Deep understanding of IRM (including cybersecurity) best practices and their application across diverse domains.
4. Exceptional communication skills, capable of translating complex technical information into accessible language for non-technical stakeholders, including executives.
5. Expertise as a strategic thinker with the ability to navigate complex risk landscapes and make informed decisions to safeguard our organization's assets and operations.
6. Significant experience in Independent Oversight over Business and Central Functions, with a focus on advisory consulting in risk management.
7. Comprehensive understanding of various IT and Information/Cyber Security frameworks and standards, such as ISO 27001, NIST CSF, NIST 800 series, COBIT, and ITIL.
Nice-To-Have Skills:
1. Familiarity with major cloud service providers, ideally Azure, is preferred.
2. Possession of recognized professional designations in Information Security, Audit, and Business Continuity (e.g., CISSP, CISA).
3. Proficiency in security software, IT audit and security and compliance.
4. In-depth knowledge of regulatory environments in the U.S., Canada, and Asia.
Education:
• Bachelor's degree
Best vs. Average: The best candidates are calm, professional, and effortlessly engaging with others. They bring a grounded presence and foster trust and collaboration. This person is naturally inquisitive, asking thoughtful questions and diving deeper into problems without needing constant direction. They’re a self-starter who works well independently, with a solid knowledge base that allows them to contribute meaningfully from day one. We’re happy to explain the nuances of the FI, but we expect them to already understand the domain space. Candidates with consulting experience tend to stand out; they’re typically equipped with strong communication skills and an instinct for navigating complex, ever-changing environments. Adaptability is essential here, along with the ability to remain composed and clear-headed amid shifting priorities.
Candidate Review & Selection
• # Step Process: 2 rounds - Virtual