IT Contract Analyst(MSAs, SOWs, NDAs)
Dynamic opportunity in the insurance industry focused on IT vendor contract review, cybersecurity controls, and third-party risk oversight. This hybrid Toronto-based role supports enterprise vendor governance, contract negotiation, and regulatory compliance while partnering with Legal, Procurement, and Risk teams in a complex, fast-paced environment.
What is in it for you:- Salaried: $40-46 per hour.
- Incorporated Business Rate: $50-56 per hour.
- 6-month contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Weekday schedule from 8:30 am to 5:00 pm.
- Remote on Monday and Friday; on-site Tuesday to Thursday.
Responsibilities:- Review IT vendor contract clauses and language to ensure alignment with internal contract standards and information security requirements.
- Analyze supplier agreements to identify risks related to data protection, cybersecurity controls, and regulatory compliance.
- Recommend and draft appropriate contractual clauses and safeguards based on vendor products and services.
- Provide guidance to internal stakeholders and Legal teams by outlining contractual risks and proposing mitigation approaches.
- Respond to internal inquiries regarding vendor contracts and contractual obligations.
- Initiate reviews of existing vendor contracts with internal business units when required.
- Support Procurement during vendor negotiations by advising on contract clauses and exceptions.
- Collaborate with Vendor Information Security Management and Vendor Governance teams on contract risk matters.
- Monitor evolving laws, regulations, and industry guidance that may impact contractual language or vendor risk requirements.
- Translate complex contractual or technical concepts into clear language for vendors and internal stakeholders.
- Manage multiple contract reviews while meeting tight timelines and operational priorities.
- Work closely with Legal, Compliance, Risk, Procurement, and business stakeholders to support vendor governance objectives.
What you will need to succeed:- Bachelor’s degree in Business, Economics, Finance, or a related discipline.
- Industry-recognized certification in IT risk, third-party risk management, or procurement is considered an asset.
- Law degree is considered an asset.
- 5 years of experience reviewing third-party vendor contracts, preferably involving IT services, technology vendors, or cybersecurity requirements.
- Experience in IT risk management, third-party risk management, procurement, or vendor governance.
- Strong understanding of IT contract clauses and the ability to assess and recommend appropriate contractual controls.
- Foundational knowledge of cybersecurity and information security principles, including data protection and data flow concepts.
- Knowledge of industry information security or risk frameworks such as NIST 800-53, NIST Cybersecurity Framework (CSF), or ISO 27001 is considered an asset.
- Understanding of regulatory expectations impacting third-party contracts within financial services environments, including OSFI guidance, is considered an asset.
- Familiarity with vendor information security questionnaires and risk assessments is considered an asset.
- Proficiency with Microsoft Office tools including Word, Excel, and PowerPoint.
- Experience with risk or procurement platforms such as Archer, ProcessUnity, or Ivalua is considered an asset.
- Strong critical thinking, organization, and problem-solving skills with the ability to manage multiple priorities.
- Excellent communication and negotiation skills with the ability to engage stakeholders at various levels of the organization.
- Ability to work independently and collaboratively in a fast-paced, matrixed, and global environment.
Why Recruit Action?Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.