Cyber Security Analyst Governance, Risk & Compliance (Contract)
Share
Job Location:
Monthly Salary:
Posted on:
10 hours ago
Vacancies:
1 Vacancy
Job Summary
Join a Challenger
Being a traditional bank just isnt our thing so we challenge ourselves to get creative in providing innovative banking solutions for Canadians.
How do we get there With a talented team of inquisitive and agile challengers that break through the status quo. So if youre passionate about redefining the future of bankingwhile having funthis could be your next big opportunity.
Our company continues to grow and today we serve more than 670000 people acrossCanadathrough Equitable BankCanadasChallenger Bank and have been around for more than 50 years. Equitable Banks wholly-owned subsidiary Concentra Bank supports credit unions acrossCanadathat serve more than six million members. Together we have over$125 billionin combined assets under management and administration with a clear mandate to drive change in Canadian banking to enrich peoples customers have named our EQ Bank digital platform () one of the top banks in Canada on the Forbes Worlds Best Banks list since 2021.
The Work
The Cyber Risk & Governance Analyst as part of the Information Security Governance & Third-Party Cyber risk team is responsible for analyzing and assessing the organizations information security risks and ensuring that risk management activities are operationalized to keep the banks Technology Risk profile within the organizations risk appetite. This includes managing the companys risk register ensuring that it is accurate up-to-date and reflective of the current risk environment. Facilitating risk identification and assessment workshops with stakeholders across the organization recording risk information in the register and assigning risk owners to ensure timely and effective risk mitigation. Also ensures that risks are being effectively monitored and reported up to management. Additionally this role supports the effective management of third-party cyber risks by conducting third-party cyber risk assessments. The analyst will collaborate with other technology departments the Risk Management Group Internal Audit and key business stakeholders throughout the company to manage and maintain the risk register evaluate overall information technology risk and manage reporting on digital and technology third-party cyber risks. The analyst will also provide recommendations to enhance the organizations information security posture assist in implementing information security policies and guidelines and support regulatory compliance efforts. While third-party cyber risk management activities are not a primary function of this role this role is expected to support the third-party cyber risk management activities as required.
The Core Responsibilities!
- By collaborating with multi-disciplinary teams cross-functional departments stakeholders and vendors this role is responsible for implementing and measuring various aspects of corporate cyber risk and compliance matters. The role will support project teams and work towards ensuring that the organization is meeting the necessary regulatory requirements.
- Maintaining and updating the cyber risk register to ensure it accurately reflects the current risk profile of the organization.
- Collaborating with stakeholders across the organization to identify and assess potential risks and control measures and documenting these in the risk register.
- Regularly reviewing risk ratings and mitigation strategies in the risk register to ensure they remain relevant and effective.
- Monitoring and reporting on cyber risk management activities including trends and remediation progress to management and other stakeholders.
- Identifying opportunities to improve risk management processes and the use of the risk register and working with relevant stakeholders to implement these improvements.
- Staying up to date with industry trends and best practices in cyber risk management.
- Ensuring the alignment between the risk register and the companys overall cyber risk strategy.
- Providing training and support to other employees on risk management processes and the use of the risk register.
- Conducting cyber-risk assessments of third-party vendors including gathering data performing analysis and providing recommendations.
- Reviewing and analyzing vendor security policies procedures and controls to ensure compliance with regulatory requirements and industry standards.
- Developing risk assessment reports and other documentation for third-party vendors including risk ratings mitigation plans and recommended actions.
- Collaborating with stakeholders to ensure that third-party vendor risk assessments are conducted in a timely and effective manner.
- Assist with the preparation and execution of audit red team and tabletop exercises by efficiently collecting and organizing relevant information and effectively communicating findings and recommendations to key stakeholders.
- Provide cyber security governance and cyber risk management expertise and guidance to project teams and other stakeholders.
- Fostering a risk-aware culture throughout the organization where cyber risk is integrated into all operational processes.
Lets Talk About You!
- Bachelors degree in computer science Information Security or a related field.
- At least 3 years of experience in cyber security governance and risk management (or related 2nd or 3rd line-of-defense).
- Strong understanding of cyber security risk management methodologies and frameworks.
- Knowledge of industry regulations such as NIST OSFI B-13 and OSFI B-10.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Maintain or working towards a CRISC ISO27001 Lead implementer/Lead Auditor CISA or CISM certification or similar is required.
What we offer For full-time permanent roles
Competitive discretionary bonus
Market leading RRSP match program
Medical dental vision life and disability benefits
Employee Share Purchase Plan
Maternity/Parental top-up while you care for your little one
Generous vacation policy and personal days
Virtual events to connect with your fellow colleagues
Annual professional development allowance and a comprehensive Career Development program
A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience
The incumbent will be working hybrid and in office time will be spent working from Equitable Banks additional office space located at 2200-25 Ontario Street Toronto ON.
Equitable Bank is deeply committed to inclusion. Our organization is stronger and our employees thrive when we honour and celebrate everyones diverse experiences and tandem with that commitment we support and encourage our staff to grow not just in their career path but personally as well.
We commit to providing a barrier-free recruitment process and work environment for all applicants. Please let us know of any accommodations needed so that you can bring your best self to the application process and candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position.
We cant wait to get to know you!
Required Experience:
IC
Key Skills
- ISO 27001
- Microsoft Access
- Risk Management
- Financial Services
- PCI
- Risk Analysis
- Analysis Skills
- COBIT
- NIST Standards
- SOX
- Information Security
- Data Analysis Skills
About Company
At Equitable Bank, we specialize in providing branchless financial services that meet the unique needs of all Canadians. Our range of mortgages, savings accounts and investment options are designed to offer the right solutions to match any unique circumstance.
