Senior Business Analyst — Security, Privacy & Compliance (Contract)
Location: Mississauga, ON (hybrid)
Category: Information Technology
Engagement: Full-time contract (see “Contract & Hours” below)
Apply by: September 16, 2025
The Company
Join a global, world-renowned biotech corporation and diagnostics leader, known for breakthrough medicines and in-vitro diagnostics. You’ll partner with digital product and platform teams to embed security, privacy, and regulatory compliance across high-impact initiatives.
The Role
We’re seeking a Senior Business Analyst (Compliance-focused) to advise product and engineering on regulatory requirements, translate laws and standards into actionable controls, and coordinate audits, risk assessments, and remediation across multiple product domains (cloud-forward, AWS preferred).
What you’ll do
- Compliance advising: Guide architecture and new solution design to meet security/privacy standards.
- Audit & assurance: Coordinate evidence, assess control effectiveness, and manage deliverables for ISO 27001/17/18, HITRUST, and related audits.
- Security ops cadence: Orchestrate pen tests and disaster recovery planning; track issues to closure with strong documentation.
- Risk governance: Stand up/iterate processes for security & privacy risk identification, assessment, and mitigation.
- Policy & guidance: Draft/update policies, procedures, and operating guidelines aligned to evolving regulations (GDPR, HIPAA).
- Enablement: Build training and comms to scale best practices across product and business teams.
- Cloud & data protection: Apply AWS security architecture principles and data protection by design.
- Framework expansion: Support implementation/readiness for FedRAMP, C5 and other certifications.
- GRC & reporting: Leverage/extend GRC platforms for workflows, control mapping, and analytics.
- Customer trust: Respond to customer security questionnaires; drive reusable/automated responses.
What you bring
- Bachelor’s in CS/Engineering/Law/Business or equivalent experience.
- 5+ years in InfoSec, Privacy, Risk Management, or Compliance Auditing.
- Strong grasp of cloud security (AWS) and regulated environments.
- Working knowledge of GDPR, HIPAA, HITRUST, ISO 27001/17/18.
- Familiarity with COBIT, NIST, FAIR, ISO 31000 and audit processes (internal/external).
- Solid project coordination across Agile and traditional teams; excellent written/spoken English.
Nice to have
- Certifications: CISA, CISM, CRISC, CISSP.
- GRC tools experience (e.g., ServiceNow GRC, RSA Archer) incl. configuration/workflow automation.
- Policy lifecycle, third-party risk, and technical writing for controls/policies.
- Power BI reporting & data modeling.
- Experience navigating multi-region certs (e.g., China), and platform-level privacy/security needs.
Contract & Hours
- Hours/day: 8; Hours/week: 40; Total: ~2,000 hours (≈12 months).
- Work model: On-site/hybrid in Mississauga, ON; occasional remote flexibility per team needs.
- Submissions: Shortlisting ongoing through September 16, 2025.
Contract Info
- Job ID: 50243294
- Open Positions: 1