E
Eqbank12d ago

Cyber Security Analyst - Governance, Risk & Compliance

Toronto,TorontoFull Timemid
OtherCyber Security AnalystSecurity AnalystCybersecurity
2 views0 saves0 applied
Apply Now

Quick Summary

Overview

Join a Challenger Being a traditional bank just isn’t our thing, so we challenge ourselves to get creative in providing innovative banking solutions for Canadians.

Technical Tools
OtherCyber Security AnalystSecurity AnalystCybersecurity
Join a Challenger

Being a traditional bank just isn’t our thing, so we challenge ourselves to get creative in providing innovative banking solutions for Canadians.

How do we get there? With a talented team of inquisitive and agile challengers that break through the status quo. So, if you’re passionate about redefining the future of banking—while having fun—this could be your next big opportunity.

Our company continues to grow, and today we serve more than 800,000 customers across Canada through Equitable Bank, Canada's Challenger Bank™, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $142 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform (eqbank.ca) one of the top banks in Canada on the Forbes World's Best Banks list since 2021. 

The Work
 
 
The Cyber Risk & Governance Analyst, as part of the Information Security Governance & Third-Party Cyber risk team, is responsible for analyzing and assessing the organization's information security risks and ensuring that risk management activities are operationalized to keep the bank's Technology Risk profile within the organization’s risk appetite. This includes managing the company's risk register, ensuring that it is accurate, up-to-date, and reflective of the current risk environment. Facilitating risk identification and assessment workshops with stakeholders across the organization, recording risk information in the register and assigning risk owners to ensure timely and effective risk mitigation. Also ensures that risks are being effectively monitored and reported up to management. Additionally, this role supports the effective management of third-party cyber risks by conducting third-party cyber risk assessments. The analyst will collaborate with other technology departments, the Risk Management Group, Internal Audit, and key business stakeholders throughout the company to manage and maintain the risk register, evaluate overall information technology risk, and manage reporting on digital and technology third-party cyber risks. The analyst will also provide recommendations to enhance the organization's information security posture, assist in implementing information security policies and guidelines, and support regulatory compliance efforts. While third-party cyber risk management activities are not a primary function of this role, this role is expected to support the third-party cyber risk management activities as required. 

By collaborating with multi-disciplinary teams, cross-functional departments, stakeholders, and vendors, this role is responsible for implementing and measuring various aspects of corporate cyber risk and compliance matters. The role will support project teams and work towards ensuring that the organization is meeting the necessary regulatory requirements. 

  • Maintaining and updating the cyber risk register to ensure it accurately reflects the current risk profile of the organization. 

  • Collaborating with stakeholders across the organization to identify and assess potential risks and control measures, and documenting these in the risk register. 

  • Regularly reviewing risk ratings and mitigation strategies in the risk register to ensure they remain relevant and effective. 

  • Monitoring and reporting on cyber risk management activities including trends and remediation progress to management and other stakeholders. 

  • Identifying opportunities to improve risk management processes and the use of the risk register and working with relevant stakeholders to implement these improvements. 

  • Staying up to date with industry trends and best practices in cyber risk management. 

  • Ensuring the alignment between the risk register and the company’s overall cyber risk strategy. 

  • Providing training and support to other employees on risk management processes and the use of the risk register. 

  • Conducting cyber-risk assessments of third-party vendors, including gathering data, performing analysis and providing recommendations. 

  • Reviewing and analyzing vendor security policies, procedures and controls to ensure compliance with regulatory requirements and industry standards. 

  • Developing risk assessment reports and other documentation for third-party vendors, including risk ratings, mitigation plans, and recommended actions. 

  • Collaborating with stakeholders to ensure that third-party vendor risk assessments are conducted in a timely and effective manner. 

  • Assist with the preparation and execution of audit, red team, and tabletop exercises by efficiently collecting and organizing relevant information, and effectively communicating findings and recommendations to key stakeholders. 

  • Provide cyber security governance and cyber risk management expertise and guidance to project teams and other stakeholders. 

  • Fostering a risk-aware culture throughout the organization, where cyber risk is integrated into all operational processes. 

  • Bachelor’s degree in computer science, Information Security, or a related field. 

  • At least 3 years of experience in cyber security governance and risk management (or related 2nd or 3rd line-of-defense). 

  • Strong understanding of cyber security risk management methodologies and frameworks. 

  • Knowledge of industry regulations such as NIST, OSFI B-13 and OSFI B-10. 

  • Strong analytical and problem-solving skills. 

  • Excellent communication and interpersonal skills. 

  • Maintain or working towards a CRISC, ISO27001 Lead implementer/Lead Auditor, CISA or CISM certification or similar is required. 

Location & Eligibility

Where is the job
Toronto
Hybrid — some on-site time required
Who can apply
Same as job location
Listed under
Worldwide

Listing Details

Posted
April 22, 2026
First seen
April 22, 2026
Last seen
May 5, 2026

Posting Health

Days active
12
Repost count
0
Trust Level
30%
Scored at
May 5, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Apply for this position

4 other jobs at Eqbank

View all →

Explore open roles at Eqbank.

E
Tech Ops Engineer II
Full Time
E
Senior Analyst - Cyber Threat Modeling and Risk
Full Time
E
Customer Service Specialist, Bilingual (English and Mandarin)
Full Time
E
Director, Accounting & Consolidation
Full Time

Similar Cyber Security Analyst jobs

View all →
BaringaBaringaRemote
Senior Cyber Security Analyst - 6 month FTC
Remote
H
Hexagonusfederal
Senior Cyber Security Analyst
EX40
IonIon
Junior Cyber Security Analyst
Full-time
CoreoneCoreone
Senior Cyber Security Analyst
Knowbe4Knowbe4
Snr. Email Security Analyst (Position located in Sao Paulo, Brazil)
L
Lucidsoftware
Sr. Security Trust & Assurance Analyst

Browse Similar Jobs

Manager3.3kFitness & Wellness2.1kEngineer2.1kDirector2kData Collector2kAssistant Manager1.8kAssociate1.7kConsultant1.4kBehavioral Health1.2kAssistant1.2kSocial Work & Counseling1.1kSocial Worker1kTechnician958Analyst900Coordinator805Social788Development679Operations Associate603Part Time593Tech Lead583
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

E
Cyber Security Analyst - Governance, Risk & Compliance
Apply Now