Barclay Simpson
Montreal, QC
Information Security Analyst required for market-leading financial services firm. The role will be focused on supporting their GRC function and assisting with certification of ISO27001.
Role Overview
- Support the development, implementation, and maintenance of information security policies, procedures, and standards.
- Support the establishment and enforcement of information security best practices and controls across the Global Executive Office and Member Firms.
- Provide support and expertise to ensure the confidentiality, integrity, and availability of company data and systems.
- Mentor and guide junior team members in information security best practices.
Key Responsibilities
- Contribute to the development of a cybersecurity-oriented culture within the global network.
- Support the definition of information security standards, policies and procedures for both Global Executive Office and the wider Network.
- Support the monitoring and reporting of a global Information Security Management System (ISMS) across 100 different locations to ensure compliance with the requirements of ISO27001.
- Support the recertification process to ISO27001:2022, coordinating the migration across 100 different locations.
- Conduct due diligence and assessments of third-party and Member Firm information security policies, standards, controls, and assurance.
- Assess security risks and track remediation activities for the global network.
- Provide advice and guidance on improvements and remediation actions to enhance security posture.
- Assess and manage third-party vendor security risks with respect to the Global Executive Office.
- Support the mentorship of the information security governance team members to foster a culture of collaboration, learning, and excellence within the team.
Skills, Knowledge, and Experience
- Professional certifications such as CISSP, CRISC, CISM, or CISA are highly desirable.
- Experience in information security, including hands-on technical expertise, along with a proven track record in team management and leadership.
- Strong knowledge of information security frameworks, standards, and best practices.
- Excellent communication and interpersonal skills.
- Experience with information security and IT Audit, Risk, and Technology Assurance.
- Excellent knowledge and understanding of information security risks and threats, with the ability to effectively communicate and collaborate with stakeholders to identify potential areas for improvement.
- Proficiency in the concise communication of security concepts to a broad audience while demonstrating their relevance to business value.
- Proficiency in engaging stakeholders at all levels, interacting with individuals from diverse backgrounds, including those from business and technical domains, both internally and externally facing.
- Familiarity with security frameworks such as ISO27001 and the NIST Cyber Security Framework.
- Desirable understanding of data privacy regulations, e.g. GDPR.