Position Title: Info Security Analyst IV
Duration: 12 months
Work Location: Toronto
SUMMARY OF DAY TO DAY RESPONSIBILITIES:
• Provide technical guidance on a range of specific Technology Controls and Information Security programs, policies, standards and incidents.
• Lead risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
• Conduct comprehensive risk and control design assessments for an application portfolio, articulate and document impact of control gaps to the business and enterprise-wide, risk mitigation and remediation plans, remediation strategy document or provide information security solutions to address risks.
• Provide guidance and/or lead on the development of on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
• Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
• Proactively work with technology partners and stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed.
• Adhere to, advise on, oversee, monitor, enforce enterprise frameworks and methodologies related to technology controls and information security activities.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
1.) Information Security background – 8+ years
2.) Experience with security standards/framework – PCI-DSS – 4+ years
3.) Experience with application risk assessments – 7+ years
4.) Experience with Key Risk Indicators reporting – 7+ years
5.) Experience with Control Gap assessments within infosec – 7+ years
6.) Experience with JIRA/Confluence – 2+ years
7.) Stakeholder Coordination – Working with technology partners and stakeholders for implementation of security components, providing status updates, recommendations, etc. – 4+ years
8.) Working on Projects conducting assessments and advising on best practices – 3+ years
9.) PCI-DSS Advisory – 3+ years
10.) Security Certification – CISA, CISSP, CRISC, etc.
NICE TO HAVES:
1.) Previous Banking/Financial Industry experience
2.) Tableau for reporting
3.) Archer experience