• Work Location- 335 King Street East, Toronto, ON
• Employee Type - Regular Employee FT Salaried
• Hybrid Work - This position currently follows a hybrid work schedule, subject to change. Employees are required to be in the office a minimum of three days per week (Tuesday, Wednesday, and Thursday), with the flexibility to work remotely on the remaining days.
• Initial Posting Close Date - September 19, 2025

ABOUT THIS OPPORTUNITY

We’re looking for a detail-oriented and collaborative Cybersecurity Analyst – Governance, Risk, and Compliance (GRC) to support our enterprise-wide initiatives. In this role, you’ll help ensure the organization’s compliance with cybersecurity policies, regulatory requirements, and risk management frameworks.
You’ll take a lead role in key areas such as third-party risk management (TPRM), cybersecurity awareness, and data loss prevention (DLP) governance. This position involves close collaboration with IT, legal, privacy, and business stakeholders.
This is a great opportunity for someone who enjoys working across both policy and technical domains, and wants to shape how security is implemented, measured, and communicated across a growing organization.

QUALIFICATIONS

• Degree in a relevant field such as cybersecurity, information systems, or risk management.
• Certifications such as CISM, CRISC, CISSP, ISO 27001 Lead Implementer, or Security+ are considered assets.
• 3–5 years of experience in cybersecurity, with demonstrated knowledge in GRC, TPRM, or audit functions.
• Experience with third-party risk management tools, frameworks, and processes.
• Familiarity with DLP tools and governance (e.g., Microsoft Purview, Forcepoint, Symantec).
• Experience managing or supporting cybersecurity awareness initiatives.
• Understanding of security frameworks such as NIST CSF, ISO 27001, and CIS Controls.
• Strong analytical and organizational skills; capable of managing multiple priorities.
• Excellent written and verbal communication skills with the ability to engage technical and non-technical audiences.
  

  LI-JB1

ABOUT US: PROUDLY CANADIAN AND INDEPENDENTLY OWNED, WE ARE COKE CANADA!

Coca-Cola Canada Bottling Limited is Canada’s premier bottling company. We are an independently owned business encompassing over 5,800 associates, more than 50 sales and distribution centers, and 5 production facilities nationwide. For more information about Coke Canada Bottling, please visit cokecanada.com

• Assist in the development, implementation, and maintenance of cybersecurity policies, standards, and controls.
• Lead and support third-party risk assessments, vendor onboarding reviews, and due diligence activities.
• Collaborate with procurement and legal to evaluate vendor risk and mitigation plans.
• Conduct and track internal risk assessments and audits of cybersecurity controls.
• Support the oversight and governance of Data Loss Prevention (DLP) policies and exceptions in coordination with SOC and IT teams.
• Manage and execute the cybersecurity awareness program, including training content, phishing simulations, and employee engagement campaigns.
• Monitor compliance with internal policies and regulatory standards (e.g., PCI-DSS, NIST).
• Maintain documentation such as risk registers, audit logs, policy repositories, and exception records.
• Track and report GRC performance metrics and risk indicators to stakeholders.
• Research new and evolving compliance regulations and best practices, and contribute to policy updates accordingly.