Location Address: Toronto
Contract Duration: 12 months (possibility of extension or conversion to FTE)
Story Behind the Need:
Project: Seeking an IT Security Analyst. The role is critical to continuing the work on threat risk assessments (TRAs) for Medium-Critical projects and tracking the remediation of risk items identified in previous TRAs. We need an advisor to lead a project, provide risk assessments, and produce the risk assessment document. The analyst will review the security document with the architect team to determine controls that need to be replaced.
Candidate Value Proposition:
– This is a long-term contract and the candidate will have the opportunity to be with the bank for up to 15 months
Typical Day in Role:
– Conduct risk assessments on internal applications and third-party vendors, verify security controls, suggest compensating controls, and help process risk acceptances
– Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
– Review and evaluate responses to security assessments and validate supporting evidence (i.e., policies, reports, procedures, etc.)
– Review security design documentation
– Understanding of compensating controls
– Understand risks identified in assessments to clearly and intelligently communicate findings to stakeholders
– Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
– Prepare and present assessment results to management
– Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
– Collaborate with IT business partners and team leads
– Perform control testing, as needed
Candidate Requirements/Must Have Skills:
1) IT Security Analyst or related cybersecurity background – 7+ years of experience
2) You have at least 7 years of hands-on technical working experience in performing Threat Risk Assessments on complex applications and network environments
3) You have at least 5 years of hands-on technical working experience with security controls/mechanisms.
4) You have used industry-leading productivity tools to produce quantitative/qualitative reports, data flow diagrams and visual presentations
5) Proficiency in MS Office (extended knowledge in MS Excel preferred) – 3+ years
1. Advanced communication (verbal/written/presentation) skills in Spanish are a strong asset.
2. Certifications (CISSP, CISM, CCSP, CRISC) are nice to have.
3. Prior work experience within Risk Management for FI or Banking is an asset.
– Someone who can come in and hit the ground running
– Self-starter able to handle the ongoing projects and workload
– Ability to work in a collaborative team environment, but also able to put their head down and work more independently or with smaller groups
– Candidate must have excellent communication and presentation skills – possible opportunity to present their findings to senior leaders depending on project
Degrees or certifications:
– Bachelor's degree in a technical field such as computer science, computer engineering or related field required
– Certifications (CISSP, CISM, CCSP, CRISC) are nice to have.