Cybersecurity Governance Risk, and Compliance Analyst

About The Position

Requirements

• 5-7 years’ experience within the area of cybersecurity, risk, compliance, and/or governance
• University or College education, preferably computer science related, or equivalent combination of education and experience is considered an asset.
• Demonstrated ability to translate policies to actionable operational standards and directions.
• Critical thinker with strong problem-solving skills.
• Demonstrated leadership experience with and ability to work independently and within a team environment
• Ability to multi-task and change direction/priorities quickly.
• Excellent organizational, oral and written communication skills.

Nice To Haves

• Professional Designation in IT risk, compliance, or Security such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Professional (CISSP) is an asset
• Experience with risk assessment methodologies and IT Control Frameworks such as NIST, ISO, PCI, CIS, and COBIT
• Experience in the fields of IT auditing and technology risk management an asset
• Previous experience using GRC tools
• Experience facilitating and influencing discussions with diverse groups.
• Knowledge of the Lottery and Gaming industry is an asset.

Responsibilities

• Support the evolution of the Cybersecurity GRC framework and the design, implementation, and management of supporting services
• and/or support Cybersecurity Risk assessments, 3rd party assessments, and independent controls assessments
• Maintain the cybersecurity risk register based on results of various assessments and ongoing management and monitoring of risks
• Update and maintain cybersecurity standards to align with organizational security policy. Support communication and awareness of these standards across WCLCSupport WCLC Control owners and their delegates in updating and maintaining organizational cybersecurity policies. Support communication and awareness of these policies.
• Provide security risk management and internal controls expertise, knowledge, and assistance to control, process, and risk owners
• Support the design, implementation, testing and ongoing reporting on effectiveness of technology controls
• Develop, gather and analyze metrics to measure Cybersecurity program effectiveness.
• Develop and report on key risk indicators, identifying recommendations for risk mitigation based on results.
• Assist in ongoing monitoring and compliance with security policy and standards across the organization
• Supports regulatory, audit and compliance assessments and findings both internally and externally
• Track and report on control deficiencies and exemptions

Benefits

• challenging, collaborative work environment
• competitive benefits
• good work-life balance