JOB SUMMARY:
To provide expert guidance, advice, and operational support for the client’s cyber risk management program, ensuring robust protection against cyber threats. This role also supports the Chief Information Security Officer’s (CISO) mandate, advancing the client’s cyber vision and strategy.
Key responsibilities include identifying, assessing, and mitigating cyber risks for the client, its agencies, and corporations. The role involves close collaboration with cross-functional teams to ensure that cyber practices align with industry standards and regulatory requirements.
MAJOR RESPONSIBILITIES:
- Supports the implementation of a risk management strategy including the development of supporting methodologies and practices relating to a cyber risk management framework for the client.
- Conducts thorough assessments of potential cyber threats, vulnerabilities, and risks to the information systems and data.
- Maintains a comprehensive risk register and library, prioritizing risks based on their potential impact and likelihood.
- Supports remediation roadmaps using NIST frameworks to enhance cyber security maturity of the client’s divisions and its agencies and corporations.
- Reviews implementation plans for risk remediation.
- Monitors the effectiveness of existing cyber measures and recommends enhancements to reduce risk exposure.
- Facilitates and coordinates closure of audit findings.
- Schedules regular assessments and testing of the effectiveness and efficiency of controls and creates GRC reports.
- Assesses and implements information cyber controls and procedures required to protect the confidentiality, integrity, and availability of information.
- Builds collaborative and productive working relationships across the organization to establish, maintain, and continuously improve cyber risk management capabilities and promote risk awareness and intelligent risk-taking.
- Develops artifacts to support the implementation of a risk management program.
- Maintains accurate documentation of risk management processes, assessments, and response activities.
QUALIFICATIONS/CERTIFICATIONS:
- Post-secondary degree in Business or Technology or a related discipline.
- Extensive experience conducting risk assessments based on NIST cyber security framework and related standards.
- Strong knowledge of elements of risk, including vulnerability, threat, likelihood, impact, mitigation, remediation, and understanding the implications of cyber risk to the ability of an entity to achieve its business objectives.
- Expertise working within an Information Security or Governance, Risk & Compliance (GRC) function.
- Experience in conducting third-party assessments, especially on small and medium-sized service providers.
- Experience in scoping, supporting and reviewing SOC 2 Type II reports and SOC 27001 certification.
- Experience developing and assisting with the implementation of cyber policies and standards.
- Preferred Certifications (at least two in the list): CISSP, CISA, CISM, CRISC, CCSP
SKILLS:
- Ability to communicate cyber risks and their implications clearly regardless of their complexity, relishes challenges, and projects a collaborative persona.
- Skilled at conveying cyber risks to stakeholders at all levels and translating technical details into language that senior executives can readily grasp.
- Ability to work in transformative programs
- Ability to lead efficient communication between all project stakeholders, including internal teams and clients
- Ability to achieve business objectives through influencing and effectively working with key stakeholders.
- Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors).
- Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
- Keen attention to detail and strong organizational skills.
- Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
- Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
- Strong analytical skills and ability to prioritize and multitask.
- Ability to prioritize and effectively manage competing priorities and projects.
- Ability to manage multiple initiatives while adhering to strict deadlines.
- Tenacious and willing to support the team during peak volumes and workloads with various activities.
- Able to work extremely well under pressure while maintaining a high level of professionalism
- Self-motivated team player who takes initiative and can work independently.
- Transferable skills, like communication and decision-making, are equally important.
- Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.”
ADDITIONAL COMMENTS/INFORMATION:
A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotating shifts or continuous extended hours may be required with little or no prior notice.
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.
EQUITY, DIVERSITY, AND INCLUSION
The client is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the client’s commitment to employment equity.
ACCOMMODATION
The client is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make it known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the client’s Hiring Policies and Accommodation Process.
The pay range that the employer reasonably expects to pay for this position is between CA$128.00 and CA$122,305
Our voluntary benefits offering includes medical, dental, vision and retirement benefits.
Applications will be accepted on an ongoing basis.
Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.
Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.
Not interested in this position, but know somebody who might be? Check out our Referral Reward Program; referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!
Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.
Open ears. Open minds. Open futures