Senior Security Analyst to conduct risk assessment on IT asset management remediation project for large financial bank - BNSJP00033692

Our client is looking for a Senior Security Analyst to conduct risk assessment on IT asset management remediation project for large financial bank - BNSJP00033692

Location Address: Hybrid (once a week; open to fully remote candidates) - 40 King Street W

Contract Duration: ASAP October 31, 2024, possibility of extension

Business Group: IT Risk team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the Global Wealth portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations. The team is looking for an IT Security Analyst to support risk assessment and EOL remediation projects.

Responsibilities:

• Reporting into Local Manager in Canada
• Day to day responsibilities by US IT Risk 1b Director
• Assist and conduct the Risk Assessments and RCSAs
• Write Risk Acceptances/Exceptions
• Collaborate with the IT application owners, Risk Advisors for any US Risk related items
• Work on key risk areas - ITAM, End of Life (Software and Hardware), Vulnerability Management
• Attend meetings where 1b is required for advisory roles
• Review the IT Risk dashboard for US related KRIs, usage of excel/spreadsheets for pivots, charts etc.
• Assist in Management decks creations

Must-Have skills:

• 10+ years of working experience as an IT Security Analyst
• 5-10+ years of Risk Management background within Banking/Financial Institutions (Risk Assessment and Risk Self Control Assessment - RCSAs, writing/reviewing Risk Acceptances)
• 5+ years of working experience with IT Asset Management - Software and Hardware, End of Life Management
• 2-3+ years of working knowledge of Vulnerability and Patch Management
• Experience delivering presentations to stakeholders and individuals at various levels - PowerPoint etc.

NOTE: HM is looking for a candidate with an IT Risk background, not 2nd line or Audit.

Nice-To-Have Skills:

• Data Loss Prevention (DLP)

Best vs. Average Candidate:

• Experience with risk assessment and RCSA
• US regulatory background (FFIEC, DFS)

Education:

Post-secondary degree in a technical field such as computer science, computer engineering or related IT field is an asset.

Candidate Review & Selection

• 1st round MS Teams video interview - Panel with hiring manager and 2 team members (45 minutes)
• Potential 2nd round interview
• 70% technical skills and 30% soft skills