Title: IT Analyst II
Location: Calgary, AB only
Duration: 12 Months (with possibility of extension)
Description:
High-Level Description
With in-depth knowledge of technology governance, risk and compliance, this position will support the Supervisor of TIS GRC, specifically in areas relating to governance, risk management and compliance activities. The primary focus of this role includes liaison and coordination of TIS risk and assurance engagements, monitoring the status of management action plans, reporting on audit compliance and risk management performance activities to various levels of management in TIS (as required), and supporting risk assurance activities within GRC.
Specific Accountabilities
Governance
• Configure and maintain governance, risk and compliance capabilities within the team’s GRC application.
• Responsible for the collection of metrics, providing data assurance and reporting related to the Cybersecurity Governance Program including the Cybersecurity Control Framework and CISO exception reporting.
• Provide control gap analysis based on the metrics collection with recommendations for improvement.
• Acting as a subject matter expert, the Advisor will oversee and participate in the development and review of cybersecurity policies and standards.
• Responsible for updating and tracking any required changes to policies and standards identified by external requirements.
• Recommend and lead the creation of new controls or metrics to address specific security threats and regulatory requirements.
Risk
• Ensure the Enterprise Risk Management process is followed when identifying, risk ranking and tracking to closure all Technology and Cyber related risks. Escalate to SMEs in the respective areas for action and mitigation.
• Work closely with the Security Advisory team to ensure risks are appropriately ranked and reviewed before processing exceptions.
• Present GRC metrics to Cybersecurity and Business Unit Leadership to ensure they are aware of their risks and obligations.
• Perform regular tracking of risks and ensure all items are managed efficiently with minimal overdue items.
• Liaise with vendor SMEs to track application-related threats and risks as required.
Compliance
• Support the Supervisor of Governance, Risk and Compliance on key compliance areas and on CISO engagement in the areas of Internal Audit, SOX and Policy Compliance.
• Be a key contributor for establishing common approaches for monitoring of compliance efforts, remediation of control gaps and continuous improvement for processes.
• Act as a liaison and SME for managing all technology-focused audits.
• Ensure all audit remediation and management action plans are tracked on an ongoing basis with no overdue items.
Relationship Management
• Engage with TIS control owners and subject matter experts to drive value and compliance within the client; operate as point of contact for, and coordinate, cybersecurity assurance activities and BU-level risk management activities.
• Act as the key point of contact within TIS on risk remediation, and propose and discuss risk responses with other members of TIS and the cybersecurity team(s).
Continuous Improvement
• Provide recommendations for improving existing processes related to the review of policies, standards, cybersecurity controls and metrics.
Scope/Dimensions
• Participate in providing recommendations for team objectives, and be a key contributor in measuring the success of those objectives in accordance with TIS goals and objectives, business area goals, and client strategic direction.
• This role is frequently engaged with TIS subject matter experts, Cybersecurity and others across the enterprise.
• Work closely with TIS GRC staff to deliver the Governance, Risk and Compliance function consistently across TIS.
• Independently execute processes and procedures to deliver GRC services within TIS.
• Contribute as part of a multi-disciplinary team ensuring client compliance goals are achieved.
• Responsible for developing and implementing recommendations impacting critical TIS GRC matters.
• Convey specialized compliance knowledge across TIS and be recognized as the specialized expert in the areas of governance and risk management.
• Represent and act as a role model of the client's culture and values of safety, integrity, respect, inclusion and high performance.
Knowledge, Skills & Abilities
Required:
• University degree in Computer Sciences, Engineering, Business or related disciplines
• A minimum of 5+ years of progressive hands-on experience in the field of information security, IT governance, compliance, cyber security, audit/assurance and risk management
• Working knowledge of cyber security and risk management best practices
• Ability to manage concurrent initiatives and conflicting priorities
• Highly disciplined and professional in regard to handling confidential information;
• Demonstrated understanding of various compliance and quality assurance roles;
• Ability to effectively interact with personnel involved in policy, technical, operational, and program management work;
• Excellent communication skills including technical and business writing, documentation and presentation skills;
Preferred:
• Working knowledge of cyber policies and procedures
• Working knowledge of cyber security standards, frameworks and regulations, including but not limited to NIST, ISO 27001 and 27002, NERC and SOX
• Possession or working toward achieving the following professional qualifications: CISSP, CRISC, or CISA.
Working Conditions
• Work is primarily in an office environment
• This role can be expected to travel approximately once every 6 months, usually to other locations
• High workload level due to the scope and breadth of the organization
• Fast-paced environment demanding a high degree of accuracy within tight deadlines