GRC Analyst, Information Security

Toronto Office

Ranked a Best Employer in Canada for 25 years, Bennett Jones is one of Canada’s premier business law firms and home to 500 lawyers and business advisors. With deep experience in complex transactions and litigation matters, and offices in Calgary, Edmonton, Montréal, Toronto, Vancouver and New York, the firm is well equipped to advise businesses and investors with Canadian ventures and connect Canadian businesses and investors with opportunities around the world. Serving clients since 1922, we are proud to be the firm that businesses trust with their most complex legal matters.

We are currently recruiting for the following role in our Toronto office:

GRC Analyst, Information Security

The Role:

The information security GRC analyst, reporting to the Director Information Security GRC, will support the implementation and maintenance of the organization’s Governance, Risk, and Compliance (GRC) program, with a strong focus on third party security compliance, security governance, and internal controls. This role will contribute to maintaining a formally structured, risk-based security framework aligned with industry standards such as ISO 27001 and ISO 22301. The position requires a minimum of three years of information security experience in a similar position and excellent communication skills.

Essential Functions:

  • Oversee the cybersecurity compliance program for third parties, including:
    • Managing requests from clients, prospects, auditors, cyber-insurers, or others, related to our security program, to ensure a timely and accurate response to security questionnaires and associated requests.
    • Managing the compliance of the Firm's key IT vendors with information security, to ensure the initial security due diligence, annual security re-certification, and continuous monitoring of the vendors' security profile.
  • Assist with the performance of important internal security processes and controls, including:
    • Tracking status and following up with the person responsible to ensure key internal security tasks are conducted on time and as per the annual schedule.
    • Maintaining security dashboards, metrics, and reports as required for the team, the IT Department and senior management.
    • Making suggestions and improving existing security standards and procedures.
  • Conduct security tasks as required to maintain the Firm's ISO 27001 and ISO 22301 certifications:
    • Conducting limited internal security audits
    • Collaborate with IT and business units to remediate compliance gaps
    • Maintain documentation related to compliance activities, controls, and audit findings
    • Assist with ad-hoc security investigations
    • Stay current on emerging regulations, standards, and industry trends

Qualifications:

  • Bachelor's degree in information technology, computer science, cybersecurity, or related field
  • Minimum three years of experience in IT compliance, risk management, or information security
  • Knowledge of regulatory frameworks (e.g., ISO 27001, ISO 22301, NIST)
  • Experience with security risk management processes and compliance tools
  • Outstanding oral and written communication skills
  • Excellent interpersonal relationship skills
  • High level of attention to detail and accuracy
  • High degree of personal initiative and maturity with an ability to work with minimal supervision
  • Ability to prioritize tasks effectively, respect deadlines, and report any issues or conflict in the performance of operational activities, and the planning and scheduling of tasks and projects
  • Professional certifications as follows are an asset:
    • CISSP, CISA, CISM, CRISC
    • SANS/GIAC, CompTIA Security+, CEH

Additional Details:

  • Compensation: $102,640-153,960 per annum
  • Vacancy: This position is for an existing vacancy

Apply To:

Human Resources
Bennett Jones Services Limited Partnership
3400 One First Canadian Place
P.O. Box 130
Toronto, ON M5X 1A4
E-mail: hrdeptcal@bennettjones.com


All offers of employment are conditional upon the satisfactory verification of a Canadian criminal record check and social media search. Determination of the factors that constitute satisfactory verification is within the sole discretion of Bennett Jones.

This position will remain open until a suitable candidate is found.

Bennett Jones is committed to providing accommodations throughout the recruitment process in accordance with the Accessibility for Ontarians with Disabilities Act, 2005. If you require accommodations, please notify us and we will work with you to meet your needs. We are proud to be an equal opportunity employer.
