Senior Cyber Security Analyst - GRC

Senior Cybersecurity Analyst – Governance, Risk, and Compliance (GRC)
Responsible for implementing, and maintaining a firm-wide information security governance program designed to help ensure the Security program and its supporting capabilities and processes effectively protect information and system assets.

Education & Experience

Minimum 5 years of information security experience in any combination of risk management, information security or information technology leadership.

Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance (SOC2, NIST), technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection.

Excellent communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management.

Excellent organization/project planning, time management, and change management skills across multiple functional groups and departments.

CRISC, CISA, CISM or other relevant certifications are preferred.

Ability to work in a team-based setting and independently.

Responsibilities

Develops, implements, and administers firm-wide Security Policies and Standards with alignment to industry best practices such as NIST and ISO.

Creates and maintains operational and executive summary Security KRIs/KPIs for committee and board level reporting.

Provides reporting on the status of the information security program to senior business and technical leaders.

Managing the security metrics program which includes coordinating the collection of security metric data, tracking and reporting metrics and developing and refining new security metrics.

Develops and enhances an information security control assessment framework based on appropriate information security industry standards to measure the efficiency and effectiveness of the program controls.

Manages the organization’s Data Governance Lifecycle (discover, remediation, asset registry, data flow mapping).

Reviews security requirements and questionnaires from existing and potential customers.

Works with Audit and External consultants as appropriate on required security assessments and audits.

Performs security and compliance assessments on new and existing systems, processes, and technology.

Performs periodic gap assessments to validate compliance on an ongoing basis.

Develops methodologies to audit, benchmark and report compliance status.

Stays up to date and informed on developing regulatory concerns and changing IT and information security trends.

Facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.

Provides leadership, direction, and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies.

Supports the organization’s vendor management processes by performing Vendor/3rd-Party Risk Assessments.

Communicating and reporting status and audit findings on key information security metrics to peers and management and all other relevant individuals and groups.

Creates and manages targeted information security awareness and education program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of the program.

Job Details

Seniority level:
Associate

Employment type:

Full-time

Job function:
Information Technology

Industries:
Transportation, Logistics, Supply Chain and Storage

Location:

Mississauga, Ontario, Canada

Salary: CA$-CA$

#J-18808-Ljbffr