Krissilasgroup
Toronto, ON
Entry Level
Posted 28 days ago. This job may expire soon!

Our client is a leader in its industry and is considered one of the top 25 most engaged companies globally.

Operational Technology - OT GRC Security Risk Analyst

Contract Position: 6 months to start

Hybrid

The Information Security Risk and Governance Analyst supports the Information Security Risk Management and Governance programs. The candidate will work with technology and business stakeholders to identify information security risks, conduct risk assessments, recommend risk mitigation strategies, and monitor identified risks throughout their lifecycle. They will contribute to the creation of management reporting to convey the status of Information Security risks and governance metrics across the organization.

This role requires a basic understanding and a willingness to learn about Information Security, Governance, Risk, and Compliance standards and controls across a broad range of technologies and platforms.

You will have experience supporting BAS - Building Automation Systems and BACnet - Building Automation and Control Networks. Must have experience in Operational Technology.

JOB ACCOUNTABILITIES:
Understand Information Security risks pertinent to the organization's business goals and work with various departments to identify, measure, monitor, and report on risk based on information assets.
Develop, document, and communicate risk mitigation strategies to risk owners; document and monitor the implementation of security controls and adjust risk rating accordingly.
Engage in the implementation and operation of risk and governance technology tools and processes to enhance the effectiveness of the practice.
Contribute to the development of new Information Security policies; ensure all existing policies and related documents are up-to-date.
Provide support for internal and external audits, including the collection of requested artifacts, review and prioritization of findings and recommendations.
Maintain an up-to-date understanding of emerging trends in Information Security risks and threat vectors; apply new techniques in line with overall Information Security objectives and risk tolerance of the organization.
Work with internal stakeholders to develop strategies and implementation plans to enforce Information Security requirements and address identified risks.

SCOPE OF RESPONSIBILITY:
Identification, assessment, and monitoring of Information Security risks.
Recommendation of compensating controls to reduce inherent risks to an acceptable level.
Support for security audits, prioritization and remediation of identified gaps.
Creation and maintenance of Information Security policies and other risk and governance documentation.
Implementation and operation of risk and governance technology tools and processes.
Maintenance of Third-Party Risk Management program.
Collaboration with different stakeholders to manage Information Security risks in a timely manner.
Other responsibilities as assigned by management.

EDUCATION AND EXPERIENCE REQUIREMENTS:
Post-secondary degree in Computer Science or equivalent combination of education and experience that satisfies the position's requirements.
Minimum 1 to 3 years of progressive responsibilities in developing and supporting Information Security risk management programs.
Knowledge of Information Security controls for Mobile, IoT, Cloud, Applications, Network, and System infrastructure.
Experience or knowledge with RSA Archer GRC tool or equivalent is an asset.
Understanding of security technologies commonly used in enterprises to protect information systems, both on-premise and in the Cloud. Hands-on design, implementation, and management of a variety of security technologies are strong assets.
Understanding of Information Security and Risk Management frameworks like SOC2, ISO27001, ISO27005, NIST CSF, and NIST 800-30.
Understanding of legal and regulatory compliance standards and requirements like PCI-DSS, GDPR, CCPA, and PIPEDA.
Audit experience with PCI DSS, SOC2, and/or other compliance and regulatory standards is an asset.
Desire to achieve or currently maintain CISSP, CISA, CRISC and other security certifications is a strong asset.
