Ontario Medical Association

Cybersecurity GRC Analyst

Toronto, Ontario, Canada (Hybrid) · Full-time

Experience: 6–9 yrs
Salary: CAD 92,835 – CAD 98,640 / year
Openings: 1
Posted: 3 hours ago

Job Description

About the Organization

The Ontario Medical Association (OMA) supports physicians and works to strengthen their leadership in patient care. The organization is focused on being a trusted voice in improving Ontario’s health-care system through practical solutions, new approaches, and continuous improvement. This role is part of a newly created team position at an organization recognized as one of Greater Toronto’s Top Employers.

Role Overview

The Cybersecurity GRC Analyst will help advance the OMA’s information security governance, risk, and compliance program by operating in a second-line oversight capacity. The role provides independent review, advisory support, and risk-based challenge to strengthen cybersecurity controls, improve readiness for audits and regulatory requirements, and support secure use of technology, including artificial intelligence (AI). Working across Technology, Information Security, enterprise risk management, service providers, and business teams, this person will help identify, assess, and manage cyber risks while influencing stakeholders to protect sensitive information.

Governance, Risk, and Compliance

  • Keep cybersecurity policies, standards, and controls current and aligned with widely used frameworks such as CIS, NIST, and ISO 27001.
  • Act as the main coordinator for cybersecurity audits by organizing evidence collection and tracking remediation work.
  • Manage the process for security exceptions and formal risk acceptance.
  • Build AI and emerging-technology governance into current security frameworks, including guidance on risk, regulation, and ethical concerns.

Cyber Risk Oversight and Reporting

  • Maintain the organization’s cybersecurity risk register, including ratings, response expectations, and escalation points.
  • Analyze and record risks tied to vulnerabilities, incidents, third-party issues, and gaps in controls.
  • Create and maintain dashboards, KRIs, and KPIs for cybersecurity performance and risk visibility.
  • Provide leadership with regular updates on evolving cyber risks and the overall security environment.

Vulnerability and Application Risk Oversight

  • Track vulnerabilities across infrastructure, cloud environments, and applications, with attention to business impact and sensitive data exposure.
  • Follow up on remediation progress, escalate overdue critical items, and document any remaining risk when fixes are deferred.

Application, Data, and Identity Security Oversight

  • Monitor controls that protect sensitive information, including personal and health data (PII/PHI).
  • Support data governance efforts such as data classification and data loss prevention (DLP), and report on related application and data risks.
  • Work with the Senior Security Architect on threat modeling for both new and existing applications, and verify secure coding practices, SAST/DAST testing, and remediation results.
  • Review risks involving identity and access management, API security, data protection, and third-party dependencies.
  • Oversee quarterly reviews of privileged access and identity certifications.
  • Review major incident reports and validate root-cause analysis and corrective actions.
  • Watch for repeated control failures and systemic weaknesses across infrastructure, applications, and AI systems.

Third-Party Risk and Security Awareness

  • Perform cybersecurity assessments for vendors and other third parties, including providers of AI-enabled services.
  • Track remediation commitments and documented risk acceptance from external parties.
  • Help organize technical and management tabletop exercises.
  • Support phishing simulations and broader cyber awareness efforts.

Requirements

  • A university degree in Information Technology, Computer Science, Computer Engineering, or an equivalent field.
  • 6 to 9 years of relevant experience in information security and IT, including GRC work in enterprise environments such as endpoint and identity security.
  • An active industry-recognized certification such as CISSP, CRISC, CISA, Certified Ethical Hacker, or an equivalent credential.
  • Additional credentials such as CISM, ISACA Advanced in AI Security Management (AAISM), ITIL, PMP, or an MBA are considered an advantage.
  • Experience with Microsoft Security and Compliance solutions.
  • Strong background in identity governance and conditional access, such as Entra ID.
  • Practical experience with XDR tools and familiarity with SIEM/SOAR platforms, including automated workflows and playbooks.
  • Good understanding of Zero Trust principles and modern security architecture.
  • Knowledge of MITRE ATT&CK and threat modeling methods.
  • Exposure to AI-driven security tools and controls is beneficial.
  • Experience with API-based integrations and automation, such as REST and Microsoft Graph API.
  • Strong knowledge of cyber risk management, cybersecurity frameworks, and business continuity, including BCP and DR.
  • Strong business judgment along with analytical, problem-solving, and decision-making ability.
  • Excellent communication and presentation skills with the ability to influence both technical and non-technical stakeholders.

Work Arrangement

The OMA uses a permanent hybrid working model. The selected candidate will be expected to work from the Toronto office for a minimum number of days each week.

Compensation and Benefits

  • Hiring salary range: $92,835 to $98,640 annually.
  • Pension plan and bonus program.
  • Comprehensive group benefits, including a spending account and a wellness program.
  • Paid professional development and ongoing in-house learning opportunities.
  • A supportive, flexible hybrid work environment.
  • The chance to help shape the strategic direction of the OMA, its members, and the wider health-care system.
  • A values-driven workplace centered on respect, boldness, responsiveness, and transparency.

Additional Information

Employment is conditional on successful background checks and reference checks. The recruitment process does not use artificial intelligence. The OMA is committed to building a diverse and inclusive workplace and welcomes applications from racialized persons/persons of colour, women, Indigenous People of North America, persons with disabilities, LGBTQ2S+ persons, and others who contribute to diversity of thought. Accommodation will be provided throughout the hiring process for applicants with disabilities in accordance with the AODA Act.
