Analyst, IT Risk

RFA Bank of Canada
Toronto, CA; US
On-site

Job Description

Analyst, IT Risk – RFA Bank of Canada

Date: April 24, 2026

Location: Toronto

Company: RFA Bank of Canada

Job Type: Permanent

About RFA

Founded in 1996, RFA (Realty Financial Advisors) is a leading Canadian-owned real estate firm. Through RFA Bank of Canada and RFA Mortgage Corporation, RFA offers mortgage brokers a complete range of Prime and Alternative mortgage solutions.

RFA Bank of Canada, a division of RFA (Realty Financial Advisors), is a federally regulated Schedule I Bank. Our goal is to be a long-term leader in the residential lending market by offering more than just competitive rates and compensation. At RFA Bank of Canada, we focus on delivering a unique value proposition in the Alternative mortgage space, committed to innovation and exceptional service to meet a diverse range of borrower needs.

The Opportunity

We’re looking to fill an Analyst, IT Risk position at RFA Bank of Canada!

The Information Technology (IT) Risk Analyst, Operational Risk is responsible for supporting the Senior Manager in ensuring that the Board and Senior Management have full insight into the technology and resilience components of the operational risk profile of the Bank. The IT Risk Analyst will assist the Senior Manager in mitigating risks arising from internal processes, people, systems and as/if applicable, external events. This is achieved through the establishment, maintenance and enhancement of the technology and resilience components of an operational risk management framework governing the Bank’s existing activities and processes as well as any prospective business or other changes.

Core Responsibilities

As the Analyst, IT Risk, you will:

Information Technology Risk Management:

  • Participate in and independently challenge first-line IT risk and control assessments, including identification of material risks, control gaps, and residual risk.
  • Assess whether the Bank’s IT risk management practices are designed and operating effectively in alignment with OSFI guidance and internal risk appetite.
  • Provide oversight and effective challenge of the adequacy of IT resilience, availability, and recoverability capabilities.
  • Review and assess the design and testing outcomes of disaster recovery and business continuity programs developed by the first line.
  • Monitor and assess adherence to data governance frameworks, including data integrity, confidentiality, and availability controls.
  • Evaluate whether critical business services and supporting systems are appropriately identified, classified, and prioritized for resilience planning.
  • Provide independent oversight of the Bank’s Business Continuity Management (BCM), including testing results and remediation tracking.
  • Review the results of IT control testing, audits, and assessments, and challenge the completeness and effectiveness of remediation actions.

Third-Party Vendor Management:

  • Provide oversight of the Bank’s Third-Party Risk Management program.
  • Review and challenge risk assessments, due diligence outcomes, and ongoing monitoring activities performed by the First Line of Defense.

Cybersecurity:

  • Provide independent oversight and challenge the Bank’s cybersecurity risk management framework.
  • Monitor cyber risk metrics, incidents, and emerging threats, and assess their impact on the Bank’s risk profile.

What You’ll Need to Succeed

  • Bachelor's degree in Information Technology, Computer Science, or a related field.
  • Minimum of 2 years of experience in IT risk management, cybersecurity, or a related role.
  • Strong understanding of OSFI guidelines and regulatory requirements.
  • Experience with risk assessment methodologies and tools.
  • Good understanding of data management concepts; prior exposure to related initiatives.
  • Proficient with Microsoft Office (Word, Excel, PowerPoint) including macros and data visualizations.
  • Relevant certifications (e.g., CC) considered an asset.

What Sets You Apart

  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Analytical skills and the ability to independently generate risk-based reporting for monitoring & oversight
  • Willingness to learn new skills and expand knowledge base by demonstrating initiative through taking on new tasks
  • Ability to prioritize, balance conflicting tasks, and manage internal and external stakeholders
  • All-round abilities, and a demonstrated willingness and enthusiasm to be a team-player, and to embrace the challenge of working in a lean and fast-paced environment in a growing organization

Our Values and What We Offer at RFA

At RFA, we live by our core values. These values guide our daily actions and shape our work culture:

  • Accountability: You take ownership of your work & its consequences. You always consider risk & make informed decisions.
  • Selflessness: You share info & teach others. You’re able to put your ego aside & understand that the best idea wins.
  • Inclusivity: You value differing viewpoints & experiences. You

Skills & Requirements

Technical Skills

It risk managementData governanceDisaster recoveryBusiness continuity managementCybersecurity risk managementCloud platformsOperational risk managementThird-party vendor managementCommunicationFinance

Employment Type

FULL TIME

Level

Mid-Level

Posted

4/30/2026

Continue to LinkedIn

You will be redirected to the job posting on LinkedIn.

Sign in and we'll score your resume against this role.