Senior Analyst, Governance, Risk & Compliance

Purpose of the Job
In this role, you will play a pivotal part in ensuring the maintenance of governance and compliance documents, managing our control library, and supporting various audit and assessment activities. This role requires a subject matter expertise in Cyber Risk & Compliance management as this role will be responsible for building processes and capabilities that align with organization structure and culture while ensuring sufficient maturity of Cyber Risk management practices. Your primary responsibilities will include Cyber Risk exceptions management and risk appetite and tolerance limit monitoring and reporting, facilitating security exceptions and risk acceptance process, operationalizing EQB’s Cyber Control Framework management processes, aiding in internal and external audits, and supporting the due diligence process for third-party onboarding. Additionally, you will contribute to annual PCI-DSS activities and play a key role in the tracking and reporting of team metrics.

Main Activities:

• Support the maintenance of governance and compliance documents.
• Manage the control library to ensure up-to-date and accurate information.
• Perform Cyber Risk quantification and analysis to drive risk-informed business decision making.
• Develop and apply statistical and quantitative models to assess cyber threats' likelihood and potential financial impact.
• Contribute to developing risk mitigation strategies by identifying and prioritizing high-risk areas.
• Support the security exception process by documenting, tracking, monitoring, and reporting on exceptions, with integrated quantitative analysis.
• Assist in internal and external audits by gathering and organizing evidence.
• Follow up on audit activities to ensure timely resolution.
• Support the due diligence process for third-party onboarding activities.
• Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in-time.
• Escalate outstanding risks as required.
• Assist in running annual PCI-DSS assessment activities.
• Play a vital role in tracking and reporting team metrics.
• Actively contribute to the continual improvement of security governance, risk, and compliance.
• Participate in activities to identify improvements, including internal measurement practices, security practice reviews, and internal/external audits.
• Stay current on the cyber security threat landscape, including the latest attacker tactics, techniques and procedures, and the controls that may serve as effective countermeasures.

Knowledge/Skill Requirements:

• A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
• Minimum of 5-7 years of relevant work experience.
• Hands on experience in supporting internal and external audits.
• Relevant certifications in governance, risk, and compliance are preferred.
• The following certifications are preferred: Open FAIR certification, CCSP, CCSK, CISM, CISSP, or CRISC.
• Solid understanding and experience with PCI DSS.
• Solid understanding of security threats and the security practices that are employed to defend against those threats.
• Experience working in a banking or financial services environment is an asset.
• Familiarity with security metrics and quantitative analysis tools (e.g. FAIR, Monte Carlo Analysis).

Communication Skills:
• Excellent interpersonal skills, with proven track record of developing relationships and communicating conceptual information effectively to individuals unfamiliar with subject material.
• Strong organizational skills: demonstrated ability to manage time and adhere to tight deadlines.

Accountability:
• Reporting to and responsible for supporting the Cyber, Governance and Compliance manager and indirectly to the Chief Information Security Officer.
• Makes decisions independently and contributes to the overall long-term performance of the security team.
• Accountable for the day-to-day operations and performance within the Cyber Governance, Risk and Compliance domain.
• Prioritize multiple competing priorities within restricted time constraints.
• Decisions made by the incumbent impact on the security of the bank.
• The incumbent will be required to work with suppliers who provide solutions, services and/or support to the bank.