Senior Analyst, Governance, Risk & Compliance
Toronto
Equitable Bank
At Equitable Bank, we specialize in providing branchless financial services that meet the unique needs of all Canadians. Our range of mortgages, savings accounts and investment options are designed to offer the right solutions to match any...
Purpose of the Job
In this role, you will play a pivotal part in maintaining governance and compliance documents, managing our control library, and supporting various audit and assessment activities. The role requires subject matter expertise in Cyber Risk & Compliance management, as it is responsible for building processes and capabilities that align with the organization's structure and culture while ensuring sufficient maturity of Cyber Risk management practices. Your primary responsibilities will include Cyber Risk exceptions management, risk appetite and tolerance limit monitoring and reporting, facilitating the security exceptions and risk acceptance process, operationalizing EQB’s Cyber Control Framework management processes, aiding in internal and external audits, and supporting the due diligence process for third-party onboarding. Additionally, you will contribute to annual PCI-DSS activities and play a key role in the tracking and reporting of team metrics.
Main Activities:
- Support the maintenance of governance and compliance documents.
- Manage the control library to ensure up-to-date and accurate information.
- Perform Cyber Risk quantification and analysis to drive risk-informed business decision making.
- Develop and apply statistical and quantitative models to assess cyber threats' likelihood and potential financial impact.
- Contribute to developing risk mitigation strategies by identifying and prioritizing high-risk areas.
- Support the security exception process by documenting, tracking, monitoring, and reporting on exceptions, with integrated quantitative analysis.
- Assist in internal and external audits by gathering and organizing evidence.
- Follow up on audit activities to ensure timely resolution.
- Support the due diligence process for third-party onboarding activities.
- Manage security risks for the assigned portfolio to ensure that action/mitigation plans are defined and actioned on time.
- Escalate outstanding risks as required.
- Assist in running annual PCI-DSS assessment activities.
- Play a vital role in tracking and reporting team metrics.
- Actively contribute to the continual improvement of security governance, risk, and compliance.
- Participate in activities to identify improvements, including internal measurement practices, security practice reviews, and internal/external audits.
- Stay current on the cyber security threat landscape, including the latest attacker tactics, techniques and procedures, and the controls that may serve as effective countermeasures.
Knowledge/Skill Requirements:
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- Minimum of 5-7 years of relevant work experience.
- Hands-on experience in supporting internal and external audits.
- Relevant certifications in governance, risk, and compliance are preferred.
- The following certifications are preferred: Open FAIR certification, CCSP, CCSK, CISM, CISSP, or CRISC.
- Solid understanding and experience with PCI DSS.
- Solid understanding of security threats and the security practices that are employed to defend against those threats.
- Experience working in a banking or financial services environment is an asset.
- Familiarity with security metrics and quantitative analysis tools (e.g. FAIR, Monte Carlo Analysis).
Communication Skills:
- Excellent interpersonal skills, with a proven track record of developing relationships and communicating conceptual information effectively to individuals unfamiliar with the subject material.
- Strong organizational skills: demonstrated ability to manage time and adhere to tight deadlines.
Accountability:
- Reports to, and is responsible for supporting, the Cyber, Governance and Compliance manager, and indirectly the Chief Information Security Officer.
- Makes decisions independently and contributes to the overall long-term performance of the security team.
- Accountable for the day-to-day operations and performance within the Cyber Governance, Risk and Compliance domain.
- Balances multiple competing priorities under tight time constraints.
- Decisions made by the incumbent impact the security of the bank.
- The incumbent will be required to work with suppliers who provide solutions, services and/or support to the bank.
Categories:
Analyst Jobs
Compliance Jobs
Tags: Audits Banking CCSK CCSP CISM CISO CISSP Compliance Computer Science CRISC Governance Monitoring PCI DSS Risk management
Perks/benefits: Team events
Region: North America
Country: Canada