Cybersecurity Analyst – Governance, Risk and Compliance
Coca-Cola Canada Bottling Limited
Cyber Security
Job Level
Mid-LevelSenior
Tech Stack
Cyber Security
About the role
- Serve as the primary point of contact for developers, partners, and third-party vendors integrating with Canto’s platform
- Lead implementation of security controls across infrastructure and applications, including access control, change management, and incident response
- Lead business continuity and disaster recovery exercises across all products
- Review feature changes across key product modules to ensure safe and reliable user experiences
- Lead full-cycle cyber and privacy assessments including Threat Risk Assessments (TRA), Cybersecurity Risk Assessments, Privacy Impact Assessments (PIA), and GRC evaluations
- Develop tailored remediation plans to address risks and vulnerabilities leveraging public-sector aligned frameworks and privacy standards
- Improve security risk management program by documenting gaps within product areas and reducing risk
- Design and maintain privacy-by-design frameworks ensuring compliance with GDPR, CCPA, HIPAA, and emerging AI-related regulations
- Oversee data lifecycle management including collection, retention, deletion, and cross-border transfers
- Conduct gap analyses and maintain a privacy risk register integrated with security assessments
- Develop and maintain documentation for policies, procedures, and audit readiness (SOC 2, ISO 27001, ISO 27018)
- Partner with legal and compliance teams to translate regulatory obligations into actionable engineering tasks
- Lead vendor risk assessments and third-party compliance reviews
- Evaluate AI systems for privacy and security risks including model testing cadence, data mapping, and monitoring gaps
Requirements
- Cybersecurity & Privacy Expertise (Must Have)
- 5+ years of hands-on experience in cybersecurity strategy, assessments, and controls implementation
- Strong background in privacy impact assessments and privacy compliance
- Proven experience with frameworks such as: NIST CSF v1.1/v2.0, SOC 2, ISO 27001 / ISO 27701, NIST Privacy Framework
- Familiarity with US and international privacy laws (GDPR, PIPEDA, Australia, etc.)
- Experience conducting Threat Risk Assessments (TRA), Cybersecurity Risk Assessments, Privacy Impact Assessments (PIA), and GRC evaluations
- Experience leading vendor risk assessments and third-party compliance reviews
- Experience evaluating AI systems for privacy and security risks
- Experience developing remediation plans and documenting security gaps
- Experience maintaining documentation for policies, procedures, and audit readiness (SOC 2, ISO 27001, ISO 27018)
