About the job Risk Analyst

Sr. Analyst, Security Risk & Compliance

Location: Mississauga

Hybrid: 3 days per week onsite (Mandatory)


Responsibilities 

  • Perform security risk assessments of new or existing services, applications, technologies and vendors. Document findings and communicate them effectively to key stakeholders
  • Provide consultative advice to help IS and the business make informed risk management decisions
  • Identify and recommend appropriate controls to address identified security risks and help strengthen our security posture
  • Identify opportunities to enhance existing processes for identifying and managing security risk
  • Design, operate and manage a compliance framework with associated controls that align with ISO 27001
  • Maintain existing and develop new information security governance documents, including policies, standards, procedures and guidelines
  • Work with Internal Audit, Legal, Privacy and other key stakeholders to ensure that IS policies, procedures and controls are aligned with all associated requirements
  • Liaise with internal/external auditors, clients and business teams to facilitate audits and/or risk reviews and help to collect the required information. Ensure timely management response to findings and track remediation through to closure
  • Ensure that in-place security controls are working effectively by designing and implementing appropriate KPIs and/or KRIs for reporting
  • Prepare monthly, quarterly and annual reports and/or presentations for various senior management audiences, including steering committees and board of directors
  • Validate the security controls of vendors and other third parties that safeguard the corporation's information assets and computer systems by performing contract reviews and security compliance reviews
  • Conduct monthly reviews with security service providers to ensure compliance with service level agreements (SLAs) and other contractual/service requirements

What You Bring to the Team:

  • A university degree in Computer Science, Information Security or related equivalent is required
  • CISM, CISA, CRISC or CISSP certifications are an asset
  • 8+ years of experience in an IT related field
  • 5+ years in an information security/compliance function or IT audit role
  • 3+ years of experience in information security risk management
  • Significant knowledge of, and experience with, legal and regulatory compliance standards such as GDPR, PCI DSS, PHIPA, ISO 27001 and/or NIST
  • Significant knowledge of computer networking concepts and protocols and IT security methodologies
  • Ability to adapt to constantly changing technical, regulatory, and compliance environments
  • Results oriented, high energy, and self-motivated
  • Excellent verbal and written communication skills
  • Ability to work in a team-oriented, collaborative environment
  • Strong problem solving and analytical skills
  • Ability to handle multiple competing priorities and meet tight deadlines

FSIN