Senior Cybersecurity Analyst required to lead mitigation efforts through conducting risk assessments, establishing governance and compliance standards, creating information security policies and providing recommendations on risk management strategies. (2024-021)
Our GTA-based municipal government client requires the services of a Senior Cybersecurity Analyst to lead mitigation efforts through conducting risk assessments, establishing governance and compliance standards, creating information security policies and providing recommendations on risk management strategies.
ROLE:
- Conduct comprehensive security risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks. This involves analyzing security controls, performing vulnerability assessments, and evaluating security architecture to determine potential risks.
- Recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders.
- Identify, assess, manage, and monitor cybersecurity risks that could materially impact the Client and provide focused predictive risk analytics on business objectives to de-risk strategies, optimize capital use & accelerate revenues.
- Collaborate with internal and external auditors to facilitate security audits and assessments. Coordinate audit activities, respond to audit findings, and assist in implementing corrective actions. Ensure that security controls and processes are in line with audit requirements and industry best practices.
- Perform periodic gap assessments of the information security program to validate compliance on an ongoing basis, facilitate remediation of control gaps and escalate critical issues to leadership.
- Facilitate examinations by relevant security assessors, and work closely with control owners and internal and external auditors to ensure requests are completed.
MUST HAVE:
- University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as considerable Cybersecurity risk management experience.
- 5+ years of relevant Cybersecurity experience in Governance, Risk and Compliance
- Significant experience with security frameworks (such as NIST CSF, ISO / IEC / , and SOC2), risk management frameworks and creation of policies, standards and procedures
- Experience with Privacy and Security requirements such as PHIPA, PIPEDA, MFIPPA, Canada’s antispam legislation (CASL), ISO IEC , ISA IEC , PCI DSS
- Any one of the following certifications is required:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)