Information Security Risk and Governance Analyst


  • Location: Toronto, ON
  • Type: Contract
  • Job #2493

Information Security Risk and Governance Analyst

  • Contract: 6 months to start, with a definite extension as long as the contractor is performing well
  • Location: Fully remote; anywhere in Canada as long as they can work EST/EDT
  • Start Date: ASAP
  • Direct Reports: No

TOP REQUIREMENTS:

  • 3rd party/vendor risk
  • Compliance and regulatory controls – the client is currently engaging with a company on PCI DSS, so they need someone internal with PCI DSS experience
  • Someone who can review a SOC2 audit report and understand the controls
  • GRC within the Information Security space

THE CLIENT:

Our client is an industry leader and one of the largest proprietors, operators, investors, and developers of top-tier office, retail, multi-family residential, industrial, and mixed-use properties in North America. With a legacy spanning over 5 decades, they have played a pivotal role in transforming communities. Their focus extends beyond just their properties, as they actively nurture leadership at every level.

Embrace the opportunity to engage in stimulating work, be a part of an exceptional organizational culture, collaborate with industry leaders, and receive support for your personal and professional growth. Recognize and reward values-driven conduct and outstanding achievements through a competitive rewards package, featuring top-tier benefits and pension plans. Envision a place where your contributions truly matter!

ROLE SUMMARY:

The Senior Information Security Risk and Governance Analyst will support the Information Security Risk Management and Governance programs. Responsibilities include identifying Information Security risks, conducting risk assessments, recommending mitigation strategies, and monitoring risks throughout their lifecycle. This role also involves updating and monitoring Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), Service Level Agreements (SLAs), and other documentation related to the Information Security program. The analyst contributes to creating management reports conveying the status of Information Security risks and governance metrics across the organization.

JOB ACCOUNTABILITIES:

  • Understand Information Security risks aligned with organizational goals.
  • Work with departments to identify, measure, monitor, and report on risks based on information assets.
  • Develop, document, and communicate risk mitigation strategies to owners.
  • Maintain and report on KRIs, KPIs, and SLAs related to Information Security programs.
  • Implement and operate risk and governance technology tools and processes.
  • Contribute to developing new Information Security policies and ensuring existing ones are up-to-date.
  • Support internal and external audits, including artifact collection and review of findings.
  • Stay updated on emerging trends in Information Security risks and threat vectors.
  • Collaborate with stakeholders to develop strategies and plans for enforcing Information Security requirements.

SCOPE OF RESPONSIBILITY:

  • Identification, assessment, and monitoring of Information Security risks.
  • Recommendation of compensating controls to reduce inherent risks.
  • Development and maintenance of Information Security risk and governance KPIs, KRIs, and SLAs.
  • Support for security audits and remediation of identified gaps.
  • Creation and maintenance of Information Security policies and other risk and governance documentation.
  • Implementation and operation of risk and governance technology tools and processes.
  • Development and maintenance of Third-Party Risk Management program.
  • Collaboration with stakeholders to manage Information Security risks.
  • Other responsibilities as assigned by management.

EDUCATION AND EXPERIENCE REQUIREMENTS:

  • Post-secondary degree in Computer Science or equivalent.
  • Minimum 5 years of progressive responsibilities in Information Security risk management.
  • Strong knowledge of Information Security controls for Mobile, IoT, Cloud, Applications, Network, and System infrastructure.
  • Experience with RSA Archer GRC tool or equivalent is an asset.
  • Excellent knowledge of security technologies used in enterprises.
  • Working knowledge of Information Security and Risk Management frameworks like SOC2, ISO27001, ISO27005, NIST CSF, and NIST 800-30.
  • Understanding of legal and regulatory compliance standards (PCI DSS, GDPR, CCPA, PIPEDA).
  • Audit experience with PCI DSS, SOC2, and/or other compliance and regulatory standards is an asset.
  • CISSP, CISA, CRISC, and other security certifications are strong assets.

CORE COMPETENCIES AND SKILLS:

  • Ability to discuss risk and governance matters with non-technical stakeholders.
  • Analytical skills for complex, interlinked data, communications, and information systems.
  • Problem-solving with a deep understanding of computer security and applicable laws.
  • Aligning risk mitigation recommendations with overall strategy and budget.
  • Proven analytical and problem-solving abilities.
  • Ability to conduct research into Information Security controls and products.
  • Work independently, prioritize tasks, and execute in a high-pressure environment.
  • Excellent written, oral, and interpersonal communication skills.
  • Team-oriented and skilled in working collaboratively.
