Business Analyst III

Fuze HR

  • Mississauga, ON
  • Permanent
  • Full-time
  • 23 hours ago
Senior Business Analyst - Security, Privacy & Compliance (Contract)

Location: Mississauga, ON (hybrid)
Category: Information Technology
Engagement: Full-time contract (see “Contract & Hours” below)
Apply by: September 16, 2025

The Company

Join a global and world-renowned biotech corporation & diagnostics leader, known for breakthrough medicines and in-vitro diagnostics. You'll partner with digital product and platform teams to embed security, privacy, and regulatory compliance across high-impact initiatives.

The Role

We're seeking a Senior Business Analyst (Compliance-focused) to advise product and engineering on regulatory requirements, translate laws and standards into actionable controls, and coordinate audits, risk assessments, and remediation across multiple product domains (cloud-forward, AWS preferred).

What you'll do

  • Compliance advising: Guide architecture and new solution design to meet security/privacy standards.
  • Audit & assurance: Coordinate evidence, assess control effectiveness, and manage deliverables for ISO 27001/17/18, HITRUST, and related audits.
  • Security ops cadence: Orchestrate pen tests and disaster recovery planning; track issues to closure with strong documentation.
  • Risk governance: Stand up/iterate processes for security & privacy risk identification, assessment, and mitigation.
  • Policy & guidance: Draft/update policies, procedures, and operating guidelines aligned to evolving regulations (GDPR, HIPAA).
  • Enablement: Build training and comms to scale best practices across product and business teams.
  • Cloud & data protection: Apply AWS security architecture principles and data protection by design.
  • Framework expansion: Support implementation/readiness for FedRAMP, C5 and other certifications.
  • GRC & reporting: Leverage/extend GRC platforms for workflows, control mapping, and analytics.
  • Customer trust: Respond to customer security questionnaires; drive reusable/automated responses.

What you bring

  • Bachelor's in CS/Engineering/Law/Business or equivalent experience.
  • 5+ years in InfoSec, Privacy, Risk Management, or Compliance Auditing.
  • Strong grasp of cloud security (AWS) and regulated environments.
  • Working knowledge of GDPR, HIPAA, HITRUST, ISO 27001/17/18.
  • Familiarity with COBIT, NIST, FAIR, ISO 31000 and audit processes (internal/external).
  • Solid project coordination across Agile and traditional teams; excellent written/spoken English.

Nice to have

  • Certifications: CISA, CISM, CRISC, CISSP.
  • GRC tools experience (e.g., ServiceNow GRC, RSA Archer) incl. configuration/workflow automation.
  • Policy lifecycle, third-party risk, and technical writing for controls/policies.
  • Power BI reporting & data modeling.
  • Experience navigating multi-region certs (e.g., China), and platform-level privacy/security needs.

Contract & Hours

  • Hours/day: 8
  • Hours/week: 40
  • Total: ~2,000 hours (≈12 months).
  • Work model: On-site/hybrid in Mississauga, ON; occasional remote flexibility per team needs.
  • Submissions: Shortlisting ongoing through September 16, 2025.

Contract Info

  • Job ID: 50243294
  • Open Positions: 1
Job Overview

  • Date Posted: September 3, 2025
  • Expiration Date: September 21, 2026
  • Applications Close: September 21, 2026
  • Location:
  • Positions: 1
  • Job ID: 50243294
