Job Description

As a Cybersecurity and IT Risk and Compliance Analyst you are responsible for working with the Information Security and IT Risk Management leaders to develop and maintain Cybersecurity and IT Risk and Compliance Management governance, frameworks, policies and processes. You will work with operational teams to provide risk and compliance management advisory, coordination, facilitation and oversight services to enable IT and business leaders to effectively and efficiently manage operational risks and meet compliance requirements within the domain or business units.

Responsibilities

• Assist the business and Information & Technology (IT) leaders in conducting business impact analysis and maintaining a map of business process to information technology.
• Work with IT leaders to develop and maintain IT Risk Taxonomies.
• Work with IT leaders to perform IT Risk and Control Assessments (RCAs) and response planning.
• Assist the business and IT leaders in conducting Change Risk Assessments for material changes in the IT environment.
• Work with business and IT leaders to develop and maintain an inventory of external requirements and the annual IT Compliance plan.
• Work with IT leaders to design and implement IT controls and conduct periodic control self-assessments and IT third party service providers control assessments.
• Develop and maintains the Program Risk Management Plan and Register.
• Provide Risk Management Training.
• Facilitate risk identification, analysis, response planning, monitoring and lessons learned.
• Work with IT leaders to develop and maintain the IT Risk and Compliance Management framework, policies, standards, processes, tools and best practices.

Qualifications

• Diploma in Computer Science or related discipline.
• A current senior professional certification or equivalent from a recognized education institution or company relevant to audit or risk, including;
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified in Governance of Enterprise IT (CGEIT)
• Certified Information Security Manager (CISM)
• Seven years of experience in IT, including three years supporting information security issues and controls, IT Risk Management and IT Compliance.
• Experience documenting process and procedures is an asset.
• Knowledge of industry risk and compliance policies, procedures and best practices.
• Ability to relate to others with all levels of technical competency.
• Knowledge of IT process and control frameworks such as COBIT, NIST CSF, ISO 27002, ITIL, PMI, etc.

Job Tags

Similar Jobs