Salary:

CybercClan is seeking a Senior Governance, Risk & Compliance (GRC) Analyst contractor/consultant to support the delivery of Risk Management Services (RMS), comprised of Cybersecurity Programs, Compliance Standards, Cybersecurity Frameworks, Cyber Risk Assessments, vCISO Services, Governance Risk & Compliance (GRC), Security Awareness and Training Education. Additionally, this individual will serve as a Subject Matter Expert (SME), mentor the team, and work with external clients. This position requires a motivated, fast learner.

The candidate will be required to support the delivery of all security, risk, compliance-related activities for customer accounts. Maintain and oversee relationships for the delivery organizations providing security support. Provide in-house consultancy on information risk management matters and advise on implementing security controls on the accounts. Regularly, meet with the project manager and/or clients to review security status, review any risks, issues, reports, outstanding activities. This role will require security industry knowledge that evolves with current and emerging threats, risk and compliance frameworks, and an ongoing understanding of key business and technological processes. In addition, this role will assist in improving the risk management services process internal delivery capability and helping build an internal practice with a strong focus on delivery expectations and utilization.

Essential Functions

• Execute cyber security threat, vulnerability, & gap assessments by recognizing all the critical assets & collaborating with the associated stakeholders
• Certify the cyber resistance of the digital infrastructure from organizational awareness, tools, & technologies to human influences
• Development of all cyber security activities required for major infrastructure projects from requirements management, early feasibility phases, through design, test, & commissioning, into the revenue demonstration & operations

• Accomplish & eventually spearhead a team to perform the necessary analysis to deliver all the required evidence to support the project's needs
• Plan, prepare & implement a cyber security testing strategy to confirm the resilience of the digital infrastructure to external & internal threats
• Actively plan, develop, deliver, & implement CyberClan risk management services, governance, risk & compliance frameworks, gap assessments, consulting & other services to support CyberClan's global delivery efforts.
• Develop & implement applicable security policies, procedures & practices
• Conduct risk & privacy assessments of information systems business processes
• Collaborate with clients to ensure that appropriate controls are installed & operating correctly, following the corporate policies. Conduct periodic audits where applicable
• Conduct vulnerability scans & system hardening where applicable
• Act as an external and/or internal information security consultant to the business & technology units, advising on risks, threats & control practices related to Rapid Response.
• Establish security event & incident response playbooks for an effective technical response
  
• Analyze external sources of threat and vulnerability information to identify actions that need to be taken within the enterprise
• Coordinate risk assessment & manage the remediation of findings
• Run & analyze vulnerability & compliance scans to support continuous monitoring reporting & vulnerability management
  
• Provide support during annual recertifications & assessments conducted by third parties
• Document actions in cases to effectively communicate information to internal and/or stakeholders as well as for historical retrieval

Required Skills, Experience, Degrees or Certification

• 8+ years experience in IT and/or information security, risk management, or information security audit experience in an enterprise environment.
• B.S. in Computer Science, Engineering, or equivalent degree
• Strong knowledge in security controls frameworks and the underlying technologies that enable them (endpoint security, firewalls, IDS/IPS, EDR/MDR software, behavioural analytics, anomaly detection, threat intelligence, vulnerability management).
• Experience with ISO 27001, GDRP, NIST, PCI, SOC, CMMC, Cyber Essentials and regulatory compliance program management.
  
• Experience in Secure Enterprise Secure Architecture.
• Experience in incident response and crisis management with the ability to identify tactical and strategic solutions using strong verbal and written communication skills.
• Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure and incident response situations.
• Understanding network, desktop and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS).
• The ability to learn and apply new concepts quickly.
• Resolves problems independently and/or through a support team.
  
• Must be trustworthy in keeping sensitive data confidential
• These certifications are preferred but not required: Certified Information Security Professional (CISSP), Global Information Assurance Certifications (GIAC), Certified Information Security Auditor (CISA), ISO 27001 Lead-Auditor.
  

Job Type

Contract

Location

100% Telecommuting

The candidate must have legal authorization to work in Canada

% of Travel Required

10-15%

Physical Requirements

Prolonged periods of sitting at a desk and working on a computer.

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status

remote work