Cybersecurity GRC Analyst (Security Specialist)

• Pay Rate: (flexible)

• Location: Toronto ON

• Contract Length: 2 years

We at Raise are hiring right now for one of our Government Sector Clients. If you’re interested, apply below for your chance to join a great place to work. 

RESPONSIBILITIES

1. Conduct comprehensive security and privacy risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks. This involves analyzing security controls, performing vulnerability assessments, and evaluating security architecture to determine potential risks

2. Recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders.

3. Identify, assess, manage, and monitor cybersecurity and privacy risks that could materially impact TTC and provide focused predictive risk analytics on business objectives to de-risk strategies, optimize capital use & accelerate revenues.

4. Develop, enhance and communicate security governance frameworks, policies, standards and procedures across the TTC. Establish guidelines and best practices to support TTC’s security objectives and ensure alignment with industry standards and regulatory requirements.

5. Design and document technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the TTC meets both the requirements and intent of its regulatory and compliance obligations

6. Perform periodic gap assessments of the information security program to validate compliance on an ongoing basis, facilitate remediation of control gaps and escalate critical issues to leadership

7. Manage exception review and approval process, and ensure exceptions are documented and reviewed periodically

8. Ensure compliance with relevant regulatory frameworks, industry standards, and internal policies. Monitor and assess TTC’s compliance with these regulations and recommend strategies for maintaining compliance. Collaborate with stakeholders to address any compliance gaps and provide recommendations for improvement.

9. Perform 3rd party due diligence (initial risk assessment before commencement of services and on-going risk-based monitoring) for adherence to TTC security standards

10. Review information security sections of procurement documents (e.g. RFI/RFP, MPSA, Contracts, and POs), identify gaps, and recommend security and data privacy content to close gaps.

11. Maintain inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities

Mandatory Requirements/Skills/Certifications 

• Hybrid Work – 2 to 3 days in office.

• University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as considerable Cybersecurity risk management experience or the equivalent combination of education and experience.

• 7+ years of relevant Cybersecurity experience in Governance, Risk and Compliance

• 5+ years of relevant experience with conducting Privacy Risk Assessments and Privacy Impact Assessments

• 10+ years of Information Technology experience

• Significant experience with security frameworks and standards (such as NIST CSF, ISO/IEC 27001/27002, ISA/IEC 62443, NERC CIP, CIS Controls, SOC2, etc.) and Risk Management frameworks 

• Demonstrated experience with, and development / refresh of, Cybersecurity policies, standards and procedures

• In-depth understanding and application of relevant Canadian regulations such as PHIPA, MFIPPA, Canada’s anti-spam legislation (CASL), Critical Cyber Systems Protection Act (CCSPA), Enhancing Digital Security & Trust Act, etc.

• Any one of the following certifications is required:

– Certified in Risk and Information Systems Control (CRISC)

– Certified Information Systems Security Professional (CISSP)

Other Skills/Certifications

• Strong background in enterprise IT and Security Architecture, including cloud, hybrid, and OT/industrial environments

• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP, SAMLv2, OAuth, and SSL/TLS

• Strong understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols

• Excellent written & verbal communications skills (communicating at all levels with internal & external stakeholders) with fastidious attention to detail

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

• Strong analytical, problem-solving and troubleshooting skills

• An understanding of organizational mission, values, goals and consistent application of this knowledge

• Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.

• Experience implementing and using relevant tools for security risk assessment and risk management 

Looking for meaningful work? We can help

 

Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.

 

We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.

 

We have a dedicated webpage for accommodations where you can learn more about what we offer, and request accommodation: https://raise.jobs/accommodations/

 

In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or another job posting by Raise (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com

 


When you apply for a job with us, you consent to the use of automated screening tools — including voice and text analysis — for this job and future jobs with Raise. These tools help us review resumes, assess qualifications, and make initial recommendations; however, all final reviews and hiring decisions are made by people. Questions? Contact us at hello@raiserecruiting.com
