Information Risk Management Analyst II

Job Title: Information Risk Management Analyst II
Location: Toronto, ON (Hybrid)
Estimated Duration: 3 Months

Summary:
This role will support the business and technology teams in complying with organizational and regulatory guidelines and best practices towards enhancing the resilience of critical operations and services. Activities will support the continuity of critical business operations.
The role will also participate in key projects and initiatives ensuring operational and information risk is always considered and managed, and will work with other teams including Information Security, Information Protection and Vendor Risk Management to provide comprehensive Information Risk Management to the company.

Job Responsibilities:

• Serve as a Group Functions Technology contact for information and cybersecurity requirements.
• Empower technology teams to identify and manage their information and cybersecurity risks effectively.
• Lead and participate in key projects and initiatives, ensuring that information and cybersecurity risk is consistently considered and handled.
• Support L2 and L3 reviews of risk program practices

Skills:

• Cybersecurity
• Security Monitoring
• Vulnerability Assessment
• Penetration Testing
• Threat Modeling
• Security Risk Assessment
• Risk Management
• Security Testing

Education/Experience:

• A bachelor's degree would be an added advantage with 5+ years of relevant experience.
• Professional certifications (CISSP, CSSLP, OSCP) or equivalent industry-recognized security certifications.
• Financial Services industry experience preferred.

Story Behind the Need – Business Group & Key Projects:
Key Projects/Day-to-Day Responsibilities:

• Act as a contact for information and cybersecurity requirements within Group Functions Technology.
• Support information and cybersecurity efforts aligned with client’s standards.
• Lead and participate in key initiatives with a focus on information and cybersecurity risk.

Value added or experience gained –

• Deep understanding of information and cybersecurity frameworks.
• Hands-on experience with information and cybersecurity tools and regulatory compliance.
• Enhanced stakeholder management and cross-functional coordination skills.

Candidate Requirements

• Strong understanding of information security controls, vulnerability management, and risk management frameworks (NIST CSF, ISO 27001/27002).
• Proficiency in security tools such as SIEM, IDS/IPS, endpoint protection, and vulnerability scanning tools.
• Knowledge of cybersecurity principles, internal controls, and risk management tools.
• Proficiency in data visualization tools (Tableau, Power BI) and statistical data analysis.
• Hands on experience with tools such as JIRA, Confluence, and Microsoft 365.
• Experience with cybersecurity assessment frameworks (PTES, OWASP, OSSTM) and penetration testing.
• Understanding of legal and regulatory requirements related to cybersecurity and IT governance.
• Excellent communication skills to effectively convey risk assessments and security recommendations.
• Knowledge of ticketing and tracking tools such as ServiceNow – Security Operations, GRC systems like Archer.
• Understanding of legal and regulatory requirements related to technology risk management Familiarity with cybersecurity governance frameworks and their implementation
• Knowledge of statistical data analysis and reporting toolsets
• In-depth knowledge of risk assessment methodologies and risk management frameworks.
• Proficiency in using risk assessment tools and software.

Nice-to-have Skills –

• Financial services industry experience
• Experience in user education and training

Years of Experience: 5+ years of relevant experience in information and cybersecurity, or risk management.
Degrees/Certifications Required: Bachelor’s degree preferred.