Senior IT Compliance

Primary Job Title:
Senior IT Compliance & Cyber Risk Analyst

Alternate / Related Job Titles:

• Senior IT Risk & Compliance Analyst
• Cybersecurity Compliance Analyst
• IT GRC Analyst (Senior)
• Technology Compliance & Audit Analyst
• Cyber Risk & Audit Lead

Location & Onsite Flexibility:
Toronto, ON —
Hybrid
(ideally 2-3 days onsite per week; flexible/negotiable)

Contract Details

Position Type:
Contract

Contract Duration:
12 Months (Renewable)

Start:
As Soon As Possible

Pay Rate:
$50-$70/hour

Role Overview

Our client is seeking a
Senior IT Compliance & Cyber Risk Analyst
to support enterprise compliance, audit readiness, and risk management initiatives within a regulated environment. This role is primarily functional but requires a strong
technical understanding of GxP/GMP
, cybersecurity controls, and audit frameworks.

The successful candidate will focus heavily on
PCI-DSS and GxP (GMP)
compliance from a technology and cybersecurity perspective, while also supporting third-party risk management (TPRM) and broader cybersecurity governance efforts. This individual will partner closely with IT, Security, and business stakeholders to drive audit readiness, remediation, and compliance maturity.

Key Responsibilities

Compliance, Risk & Audit

• Serve as a
  subject matter expert
  for
  PCI-DSS and GxP/GMP compliance
  , supporting assessments, remediation tracking, and audit readiness
• Conduct
  IT and cybersecurity risk assessments
  , including control design, effectiveness testing, and gap analysis
• Support internal and external audits, including evidence collection, walkthroughs, and issue remediation
• Perform impact assessments and
  root-cause analysis
  related to cybersecurity incidents and compliance findings
• Assist in developing and maintaining
  information security, privacy, and technology compliance policies
  , standards, and procedures

Third-Party Risk Management (TPRM)

• Participate in vendor onboarding and ongoing vendor reviews, including security questionnaires, risk scoring, and remediation follow-ups
• Evaluate third-party controls related to
  data protection, access management, and regulatory compliance

Training & Enablement

• Design and deliver
  internal training programs
  on cybersecurity best practices, compliance requirements, and audit readiness
• Create clear, user-friendly guidance and awareness materials to support enterprise-wide compliance adoption

Reporting & Metrics

• Develop and maintain
  compliance and risk dashboards
  to report status, trends, and key risk indicators to leadership
• Monitor emerging regulatory and cybersecurity risks and recommend mitigation strategies

Required Experience & Qualifications

Required (Must-Have)

• 5+ years of experience in
  IT compliance, cybersecurity risk, or technology audit
  roles
• Hands-on experience with
  PCI-DSS and GxP (GMP)
  in regulated environments
• Experience supporting audits, including control testing, documentation, and remediation tracking
• Proven ability to design and deliver
  cybersecurity and compliance training
• Strong stakeholder communication skills, with the ability to translate regulatory requirements for non-technical audiences

Preferred Certifications

• One or more of the following:
  CISA, CISSP, CISM
• Additional compliance, audit, or risk certifications are considered an asset

Nice-to-Have

• Experience with
  TPRM programs
  , vendor risk assessments, and security questionnaires
• Exposure to
  SOX, data privacy regulations
  , or formal GRC tools
• Experience helping build or mature
  enterprise cybersecurity or compliance programs

What Makes a Strong Fit

• Deep, practical experience with
  PCI and GxP/GMP
  , not just theoretical knowledge
• Comfortable working in
  audit-heavy, highly regulated environments
• Able to balance hands-on compliance execution with
  training and enablement
  responsibilities
• Strong blend of
  risk management, audit expertise, and communication skills

Client Overview

Our client is an
innovative beauty brand parent company
behind globally recognized names such as NIOD, Hylamide, and The Ordinary. They are passionate about redefining the beauty industry and are always excited to meet individuals who want to bring their creativity and expertise to a fast-growing, forward-thinking organization.

About GTT

GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company based in Alaska. As a Native American-owned, economically disadvantaged corporation, GTT is deeply committed to
diversity, equity, and inclusion
. Our clients include Fortune 500 organizations across banking, insurance, financial services, technology, life sciences, biotech, utilities, and retail throughout the U.S. and Canada.

Job Number:
#gttca #gttjobs