Security Risk Analyst – Remote (Canada)

About the role

We are looking for a Security Risk Analyst to join our client’s team on a 4‑5 month contract. The role is fully remote within Canada and focuses on assessing cyber‑security risks across cloud, SaaS and emerging AI technologies.

Key responsibilities

• Conduct security assessments for cloud, SaaS and enterprise applications.
• Evaluate third‑party and vendor SaaS solutions for security and compliance.
• Analyze SOC 2, ISO 27001, CSA CAIQ, PCI DSS and NIST‑based reports.
• Perform AI/ML and LLM security assessments, including prompt injection, data leakage, model inversion and data poisoning.
• Collaborate with business, legal, privacy, risk and architecture teams to define security requirements.
• Translate technical findings into business‑risk language and executive reports.
• Develop and maintain Security Assessment Reports, risk registers and POA&Ms.
• Conduct threat modeling (STRIDE / OWASP) for applications and cloud architectures.
• Review cloud solution designs, identify control gaps and ensure alignment with ISO 27001, NIST CSF, NIST 800‑53 and internal frameworks.
• Support secure‑by‑design practices within the SDLC and enterprise architecture.

Required profile

• 3+ years of experience in security risk assessments and secure design for cloud, on‑premise and SaaS solutions.
• Strong background in SaaS security and third‑party/vendor risk assessments.
• Hands‑on experience with security frameworks such as ISO 27001, NIST, SOC 2 and PCI DSS.
• Experience working with AWS, Azure or GCP environments.
• Understanding of AI/LLM security risks and assessment methodologies.
• Proven ability to communicate technical risks to non‑technical stakeholders and executives.
• Experience collaborating with cross‑functional teams (Legal, Privacy, Risk, Architecture, Business).

Required skills

• Security risk assessment
• Secure design
• Cloud platforms (AWS, Azure, GCP)
• SaaS security
• Third‑party/vendor risk assessment
• ISO 27001, NIST CSF, NIST 800‑53, SOC 2, PCI DSS
• AI/ML and LLM security assessment
• Threat modeling (STRIDE, OWASP)
• Security assessment reporting