Senior Analyst

Description:

Senior Analyst

Posting Start Date: 6/3/26

Job Type: PermanentWork Model: HybridReference code: 133440Primary Location: Toronto, ONAll Available Locations: Toronto, ON; Halifax, NS; St. John's, NL

Our Purpose

At Deloitte, our Purpose is to make an impact that matters. We exist to inspire and help our people, organizations, communities, and countries to thrive by building a better future. Our work underpins a prosperous society where people can find meaning and opportunity. It builds consumer and business confidence, empowers organizations to find imaginative ways of deploying capital, enables fair, trusted, and functioning social and economic institutions, and allows our friends, families, and communities to enjoy the quality of life that comes with a sustainable future. And as the largest 100% Canadian-owned and operated professional services firm in our country, we are proud to work alongside our clients to make a positive impact for all Canadians.

By living our Purpose, we will make an impact that matters.
 

• Have many careers in one Firm.
• Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
• Learn from deep subject matter experts through mentoring and on the job coaching
   

--

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

What will your typical day look like?

In this role, you prepare responses that are thorough, accurate, and reflective of Deloitte's commitment to security and data protection. This position requires a proactive mindset, strong analytical capabilities as your contributions will be essential in maintaining our clients' trust and upholding our reputation. As part of the Security Inquiry Response Center you will:
 

• Address member firm, client, regulatory, and audit-related information security requests.
• Identify, gather, and pre-populate responses using Standard Answer Banks (SABs).
• Determine remaining questions needing consultation with Management, Client Security Leads (CSLs), or Subject Matter
• Experts (SMEs).
• Ensure the quality and consistency of work been done by other team members.
• Assign and plan tasks for other team members.
• Highlight and address issues in SABs and assist with their maintenance, improving quality of responses and expanding scope as necessary.
• Support service queue and mailbox rotation for consistent coverage.
• Analyze and evaluate security requests, internal/external assessments, and audits.
• Coordinate internal/external audit requests, including scoping, data gathering, and refinement.
• Assist with evidence gathering and sanitization activities.
• Build strong relationships with internal stakeholders and maintain regular communication with the management team,member firm CSLs and various SMEs to improve deliverable quality.
• Contribute to the development of best practices and stay up to date on global security policies, standards and technology.
   

About The Team

Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough About Us, Let’s Talk About You

Do you possess the following?:
 

• Bachelor’s Degree or higher in business administration, a technology-related field, or equivalent
   

experience.
 

• One to three (1-3) years demonstrated experience in applying leading practices in a large-scale Information
   

Security, Technology Risk or Operational Risk environments, including strategy development and

execution, risk and governance experience.
 

• Basic knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management.
• Working knowledge of various IT risk frameworks, methodologies, leading industry/assurance standard and regulations, as well as attestation reporting frameworks, such as the ISO family of standards 27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
• Basic knowledge of GRC tools (e.g., ServiceNow).
• Strong analytical and problem-solving skills.