Senior Analyst, Security Governance, Risk and Compliance

Position: Senior Analyst, Security Governance, Risk and Compliance - Permanent - 18006
About the Opportunity

Our client is building the future, and their people are at the heart of everything they do. Our client is always looking for exceptional talent to work on our exciting and ever-expanding project portfolios. They are focused on being the #1 Canadian Infrastructure Company and the first-choice employer in our industry.

Duties include but are not limited to:

Perform security risk assessments of new or existing services, applications, technologies and vendors. Documents and effectively communicates findings to key stakeholders

Provide consultative advice to help IS and the business make informed risk management decisions

Identify and recommend appropriate controls to address identified security risks and help strengthen security posture

Identify opportunities to enhance existing processes for identifying and managing security risk

Design, operate and manage a compliance framework with associated controls that align with ISO 27001

Maintain existing and develop new information security governance documents, including policies, standards, procedures and guidelines

Work with Internal Audit, Legal, Privacy and other key stakeholders to ensure that IS policies, procedures and controls are aligned with all associated requirements

Liaise with internal/external auditors, clients and business teams to facilitate audits and/or risk reviews and help to collect the required information. Ensure timely management response to findings and track remediation through to closure

Ensure that in-place security controls are working effectively by designing and implementing appropriate KPIs and/or KRIs for reporting

Prepare monthly, quarterly and annual reports and/or presentations for various senior management audiences, including steering committees and board of directors

Validate appropriate security controls of vendors and other 3rd parties who safeguard the company’s information assets and computer systems by performing contract reviews and security compliance reviews

Conduct monthly reviews with security service providers to ensure compliance with service level agreements (SLAs) and other contractual/service requirements

Act as a backfill for other security team members, as required

About You

The successful candidate will have the following:

A university degree in Computer Science, Information Security or related equivalent is required

CISM, CISA, CRISC or CISSP certifications are an asset

8+ years of experience in an IT related field

5+ years in an information security/compliance function or IT audit role

3+ years of experience in information security risk management

Significant knowledge of, and experience with, legal and regulatory compliance standards such as GDPR, PCI-DSS, PHIPA, ISO 2700-1 and/or NIST

Significant knowledge of computer networking concepts and protocols and IT security methodologies

Ability to adapt to constantly changing technical, regulatory, and compliance environments

Results oriented, high energy, and self-motivated

Excellent verbal and written communication skills

Ability to work in a team-oriented, collaborative environment

Strong problem solving and analytical skills

Ability to handle multiple competing priorities and meet tight deadlines

About the Job

Competitive salary $85,000-$90,000

Opportunity to work with industry leaders and innovative technology solutions

Professional development and growth opportunities

A collaborative and supportive team environment

Comprehensive health, dental, and vision benefits

A Hybrid work schedule, 3 days in the office, 2 days at home (Airport area)

LROIT