Cyber Security Analyst - Governance, Risk & Compliance

About The Position

Requirements

• Bachelor’s degree in computer science, Information Security, or a related field.
• At least 3 years of experience in cyber security governance and risk management (or related 2nd or 3rd line-of-defense).
• Strong understanding of cyber security risk management methodologies and frameworks.
• Knowledge of industry regulations such as NIST, OSFI B-13 and OSFI B-10.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Maintain or working towards a CRISC, ISO27001 Lead implementer/Lead Auditor, CISA or CISM certification or similar is required.

Responsibilities

• Implementing and measuring various aspects of corporate cyber risk and compliance matters.
• Support project teams and work towards ensuring that the organization is meeting the necessary regulatory requirements.
• Maintaining and updating the cyber risk register to ensure it accurately reflects the current risk profile of the organization.
• Collaborating with stakeholders across the organization to identify and assess potential risks and control measures, and documenting these in the risk register.
• Regularly reviewing risk ratings and mitigation strategies in the risk register to ensure they remain relevant and effective.
• Monitoring and reporting on cyber risk management activities including trends and remediation progress to management and other stakeholders.
• Identifying opportunities to improve risk management processes and the use of the risk register and working with relevant stakeholders to implement these improvements.
• Staying up to date with industry trends and best practices in cyber risk management.
• Ensuring the alignment between the risk register and the company’s overall cyber risk strategy.
• Providing training and support to other employees on risk management processes and the use of the risk register.
• Conducting cyber-risk assessments of third-party vendors, including gathering data, performing analysis and providing recommendations.
• Reviewing and analyzing vendor security policies, procedures and controls to ensure compliance with regulatory requirements and industry standards.
• Developing risk assessment reports and other documentation for third-party vendors, including risk ratings, mitigation plans, and recommended actions.
• Collaborating with stakeholders to ensure that third-party vendor risk assessments are conducted in a timely and effective manner.
• Assist with the preparation and execution of audit, red team, and tabletop exercises by efficiently collecting and organizing relevant information, and effectively communicating findings and recommendations to key stakeholders.
• Provide cyber security governance and cyber risk management expertise and guidance to project teams and other stakeholders.
• Fostering a risk-aware culture throughout the organization, where cyber risk is integrated into all operational processes.

Benefits

• Competitive discretionary bonus
• Market leading RRSP match program
• Medical, dental, vision, life, and disability benefits
• Employee Share Purchase Plan
• Maternity/Parental top-up while you care for your little one
• Generous vacation policy and personal days
• Virtual events to connect with your fellow colleagues
• Professional development and comprehensive Career Development program
• A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience