Information Security Analyst I (Audit and Controls)

About The Position

Requirements

• Experience conducting controls gap analysis and/or risk assessment.
• Working knowledge of access governance, audit, technology controls and information security programs/policies/standards.
• Intermediate knowledge of one or more technology controls or security domains, disciplines and practices.
• Experience with MS Office 365 (Word, PowerPoint, Outlook and SharePoint) with intermediate working and operational knowledge of MS Excel.
• Experience managing large datasets.
• Ability to effectively leverage AI tools and platforms to streamline workflows, automate repetitive tasks, and improve efficiency.
• Demonstrated ability to analyze complex issues to identify the underlying problem (root cause), clearly articulate what needs to be addressed, and support the determination of pragmatic and effective remediation approaches.
• Be able to juggle a few different tasks effectively, within delivery deadlines.
• Demonstrated ability to contribute and collaborate to the delivery of complex initiatives within an agile team environment.
• Good judgment— ability to determine which issues to escalate vs. to resolve independently and provide suggestions for possible resolution.
• Ability to communicate effectively and build good working relationships with diverse groups to identify issues, reach consensus and implement workable solutions.
• Ability to understand and detect business and technology issues and their impacts.
• Detailed oriented, strong analytical, organization and problem-solving skills, apply innovative thinking and ability to explore alternative approaches.
• Must be collaborative, self-motivated, energetic, and results-oriented and be committed to adding value to the team.

Nice To Haves

• Experience with JIRA/Confluence an asset.
• Experience with Power Apps, Power Automate, Power BI or similar tools.
• Information Security Certification / Accreditation an asset.

Responsibilities

• Develop and maintain automation tools to enhance audit response workflow
• Develop and maintain dashboard capabilities to support reporting requirements
• Contribute to reporting/analysis and metrics that help measure control execution and identify trends.
• Contribute to internal activity and process review, identify opportunities to improve efficiency and consistency of control processes, flag windows for improvement and develop solutions accordingly.
• Guide and advise partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
• Engage in assessments related to risk, controls, implemented control procedures, and vulnerabilities
• Support the planning, execution and stakeholder guidance for access governance in adherence to Enterprise Policies, Standards and Procedures.
• Assist with review/validation of controls implementation and evidence accuracy & completeness in alignment with business requirements/processes.
• Support evidence collection, communication with stakeholders and tracking internal/external audit activities.
• Assist in identifying, tracking, and remediating control gaps and access governance issues.
• Support asset owners to ensure findings are closed and pass the various finding resolution review stages.
• Build and maintain positive working relationships by effectively communicating and regularly sharing information, issues/points of interest, learnings and knowledge with the team and other risk partners.
• Adhere to policies, procedures, technology control standards and regulatory guidelines.

Benefits

• health and well-being benefits
• savings and retirement programs
• paid time off
• banking benefits and discounts
• career development
• reward and recognition programs