Job Description
We have an opportunity for an Information Security GRC Analyst to join our IT department. You will report into the Information Security GRC Manager and will be responsible for ensuring the effective day to day management of tasks and processes related to information security governance, risk and compliance.
This role includes responsibilities such as developing and managing the information security risk register, evaluating security and privacy risks, risk remediation plans, balancing business drivers, best practices, and external drivers. You will assist in the creation and maintenance of information security standards and technical specifications in collaboration with the Information Security Architect. You will also produce insightful and high-quality management information for reporting into the Information Security Group and the Operations Committee. The role also involves manging compliance control self-assessments and questionnaires from regulators, head office and customers as well as assisting in the design of security controls and providing input to projects from the early stages of idea development.
The successful candidate will have demonstrable experience within information security with a bachelor’s or master’s degree in Computer Science, Information Security or equivalent. You must also have experience with compliance frameworks (ISO27001, NIST, SOX) with a good understanding of security sub-systems (e.g., firewalls, IDS/IPS, DLP). The successful candidate will be able to convey complex information simply and will also have strong interpersonal and consultative skills.
Job Types: Full-time, Permanent