We are hiring for our client in the financial services industry.
Duration: 6 months (extendable)
Job Type: Hybrid (3 days onsite)
Responsibilities:
- Conduct information security risk assessments for IT projects, technologies, and actuarial business processes.
- Provide risk assessment, remediation, and findings management while collaborating with IT and delivery teams.
- Utilize GRC tools for issue identification, tracking, and resolution.
- Work as part of the second and third lines of defense, ensuring compliance with security policies and standards.
- Collaborate with privacy, risk compliance, and operational teams to manage security risks.
- Define and implement security controls for cloud environments (IaaS, PaaS) and on-premises systems.
- Ensure compliance with regulatory frameworks, including NIST, COBIT, OSFI B-10, and financial industry standards.
- Support security governance, risk management, and reporting activities.
- Provide training and guidance to stakeholders on risk assessment processes.
Requirements:
- Minimum 5 years of experience in information security, IT risk management, or cybersecurity.
- Strong knowledge of cloud security (IaaS, PaaS), GRC tools, and security frameworks (NIST, COBIT, ISO 27001, OSFI B-10).
- Experience in second-line defense within a security risk management function.
- Background in financial industry security risk management is preferred.
- Strong communication, analytical, and problem-solving skills.
- Relevant certifications (CISSP, CISA, CISM) preferred.
- Familiarity with NIFT and regulatory compliance standards is an asset.