Cyber Training Canada

Fully hybrid with no mandatory days in the office.

The Opportunity: Under supervision, executes the design, management, implementation and monitoring of the IT Risk and Compliance program at the organization and audits/client assessments to ensure compliance with Regulatory and client requirements. Engage various stakeholders for mitigating and managing IT risks. Assists in execution of enterprise wide technology controls through control design and effectiveness testing. Assists in maintaining and monitoring IT Risk and Control governance and compliance related processes, procedures and controls in order to improve the IT control environment, in accordance with our IT Compliance Framework, IT Risk Policy and Information Security Policy.

About The Role

• Under supervision of manager or senior IT Risk and Compliance analysts, execute the design, management, implementation and monitoring of IT Risk and Compliance program to manage risk in accordance with policies and procedures and within risk tolerance level and client MSAs requirements. Assist in development of risk mitigation plan to mitigate/eliminate any identified risk. Under supervision, conduct IT risk assessments as per IT Risk Policy and risk assessment reports.
• Under the guidance of manager and/or senior IT Risk and Compliance analyst, prepare and evolve periodic IT Risk Management Reports, including Risk Profiles, KRIs, KPIs and dashboards for all technology domains to management.
• Assist in annual security planning by maintaining the risk register and providing analysis of trending related to KRI’s.
• Assist in ongoing review risk trends and report (as required) to applicable information custodians and manager.
• Track and report completion of action plans; provide status update to manager / information custodians on completion of action plans.
• Under supervision of manager or senior IT Risk and Compliance analyst, participate in the review, maintenance and implementation of policies, frameworks and standards, including information security policy, IT risk policy, Information Security standards and IT Compliance Framework to ensure IT compliance and governance and effectively manage IT risk for Symcor and clients.
• Collect, review and organize evidence in preparation of the client/external/internal audit compliance review meetings.
• Review the client/external/internal audit assessment reports and solicit responses/management plans from relevant internal teams.
• Communicate the management responses to the applicable external/internal reviewers.
• Under supervision, execute, test and monitor IT controls to identify gaps and ensure compliance with IT policies, procedures and standards. Assess risk associated with control gaps and assist in engaging management and key stakeholders to develop and implement remediation plans within established timeframes based on the risk identified.
• Prepare and evolve periodic IT compliance management reports and dashboards
• Communicate testing progress reports (as required) to applicable control owners, and manager.
• Under supervision of the manager or senior IT Risk and Compliance analyst, assist in the roll out / facilitation of the information security awareness training program in collaboration with HR to educate Symcor employees and raise awareness regarding information security and IT risk.
• Under supervision of manager or senior IT Risk and Compliance analyst, provide timely delivery and support to Information Security Operations team, as assigned to ensure control effectiveness for applicable processes.
• Execute firewall rule review and approval process.
• Monitor data leakage prevention and follow-ups.
• Review and manage privileged id request and approval.
• Coordinate execution of internal and external penetration testing.
• Manage SSL Certificate for internal and external clients.

What You Need To Succeed:

Education:

• Completion of a post-secondary college diploma or university degree in a related discipline or a combination of education, training and experience deemed to be equivalent.
• Working towards achieving Information Security/IT Risk Certification (i.e., CISA, CISSP, CISM, CRISC, CIA, CGEIT or similar certification)