Senior Cybersecurity GRC Analyst required to lead risk mitigation efforts through conducting security and privacy risk assessments, establishing and mainta
S.i. Systems
Toronto, ON
- Number of positions available: 1
- Salary: To be discussed
- Contract job
- Published since 4 day(s)
- Starting date: 1 position to fill as soon as possible
Description
Our GTA-based Municipal Government Client requires a Senior Cybersecurity GRC Analyst to lead risk mitigation efforts through conducting security and privacy risk assessments, establishing and maintaining governance and compliance standards, creating, communicating, and enforcing information security policies, and providing recommendations on risk management strategies.
ROLE:
1. Conduct comprehensive security and privacy risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks. This involves analyzing security controls, performing vulnerability assessments, and evaluating security architecture to determine potential risks.
2. Recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders.
3. Identify, assess, manage, and monitor cybersecurity and privacy risks that could materially impact Client and provide focused predictive risk analytics on business objectives to de-risk strategies, optimize capital use & accelerate revenues.
4. Develop, enhance and communicate security governance frameworks, policies, standards and procedures across the Client. Establish guidelines and best practices to support Client’s security objectives and ensure alignment with industry standards and regulatory requirements.
5. Design and document technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the Client meets both the requirements and intent of its regulatory and compliance obligations.
6. Perform periodic gap assessments of the information security program to validate compliance on an ongoing basis, facilitate remediation of control gaps and escalate critical issues to leadership.
7. Manage exception review and approval process, and ensure exceptions are documented and reviewed periodically.
8. Ensure compliance with relevant regulatory frameworks, industry standards, and internal policies. Monitor and assess Client’s compliance with these regulations and recommend strategies for maintaining compliance. Collaborate with stakeholders to address any compliance gaps and provide recommendations for improvement.
MUST HAVE:
- University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as considerable Cybersecurity risk management experience or the equivalent combination of education and experience.
- 7+ years of relevant Cybersecurity experience in Governance, Risk and Compliance
- 5+ years of relevant experience with conducting Privacy Risks Assessments and Privacy Impact Assessments
- Significant experience with security frameworks and standards (such as NIST CSF, ISO/IEC 27001/27002, ISA/IEC 62443, NERC CIP, CIS Controls, SOC2, etc.) and Risk Management frameworks
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP, SAMLv2, OAuth, and SSL/TLS
- Strong understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
- In-depth understanding and application of relevant Canadian regulations such as PHIPA, MFIPPA, Canada’s anti-spam legislation (CASL), Critical Cyber Systems Protection Act (CCSPA), Enhancing Digital Security & Trust Act, etc.
- Any one of the following certifications is required:
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Security Professional (CISSP)
Disclaimer:
AI may be used in evaluating candidates.
This posting is for an existing vacancy.