Intermediate Governance, Risk and Compliance (GRC) Analyst to ensure that the organization’s information systems are protected by completing technical cont

Our valued client is looking for a Intermediate Governance, Risk and Compliance (GRC) Analyst to ensure that the organization’s information systems are protected by completing technical control reviews and reporting on compliance.

Annual Salary approximately from $83,480.00 to $98,240.00

This is 1-year term position with the possibility of extension.

Tasks include:

• Ensure that the organization's information systems are protected by completing technical control reviews and reporting on compliance
• Perform information risk assessments and provide guidance on industry best practices and alignment to standard cybersecurity frameworks (ISO, NIST)
• Monitor and measure overall information security practices across the different technologies and processes
• Work with the team to update and design new information security policies.
• Improve information security through security awareness programs, policies, guidelines and standards, as well as through the ongoing integration of information security within business strategies.
• Contribute to policy writing and building out a vendor management / third party management program

Must have:

• Eligible for reliability clearance
• Minimum 2 years of previous experience as senior GRC and/or audit role. Experience in the IT field is not mandatory but highly desirable
• Prior GRC experience, such as:
• Participating in audits, and being exposed to how evidence is gathered
• Experience with installations and implementation of security solutions across various computing platforms and network infrastructure
• Experience with management of both physical and logical information security systems
• Experience with vulnerability assessment, security audits, TCP/IP, intrusion detection systems, and firewalls
• Experience with weighing business risks and suggesting appropriate information security measures
• Experience applying IT security policies
• Experience using a GRC tool

Nice to have:

• College diploma or certificate in Computer Science, Computer Systems Engineering or a related field
• Certified Information System Security Professional (CISSP) certification or equivalent (eg: CISA) certification
• Bilingualism (English/French)
• Knowledge of ISO 27001, 27002, 27018, or 27017