Job Title: Business Analyst – Cybersecurity Risk Analyst
Location: Calgary, AB(Hybrid)
Duration: Contract
Rate: 48-50/hr
Cybersecurity Risk Analyst
Our Enterprise Security Office Governance, Risk, Compliance & Resilience team is evolving to meet the needs of our growing business and we are expanding our presence to support improving the security posture of our client. We are seeking an energetic Cybersecurity Risk Analyst on a term contract who is looking to build their knowledge and experience in cybersecurity. You will be responsible for performing risk assessments, enabling compliance with our client policy & standards, and preparing risk reporting.
The opportunity
In collaboration with other security team members, along with IS and business teams, you will be responsible for managing the lifecycle of cybersecurity risk assessments for corporate digital environment, industrial control systems (ICS) environments, and third-parties in addition to identifying current/emerging security risks based on the output of the assessments.
What you’ll do
• Perform cybersecurity risk assessments based on established cybersecurity risk framework and processes
• Facilitate business impact assessment to support cybersecurity risk assessments
• Communicate cybersecurity risk to business owners and managers
• Report on cybersecurity risk and manage their life cycle with stakeholders
• Drive development, implementation and automation of risk management tools and processes
• Identify and analyze complex business and technology risks
• Recommend cost effective and appropriate risk control to reduce cybersecurity risk
• Enter, update, and maintain accurate risk information within the cybersecurity risk register in accordance with established procedures.
• Conduct research to maintain and expand knowledge on the latest cybersecurity controls and standards, as well as the threat and vulnerability landscape
• Manage and provide cybersecurity risk support to project activities across the enterprise
• Collaborate with the Manager GRCR, GRCR team, other Enterprise Security team members, IS teams and business units on all areas related to cybersecurity
• Other tasks as required
Minimum Qualifications
• Bachelor’s degree or technical diploma, preferably in a related discipline such as Computer Science, Information Security, or Computer Engineering
• A minimum of four (4+) or more years of Cybersecurity, Risk Management, or related experience
• Demonstrated understanding of business processes, industry best practices, cybersecurity controls and related standards such as NIST CSF, NIST SP 800 53, and/or ISO/IEC 27001 & 27002.
Preferred Qualifications
• Understanding of network architectures, including on-premise, cloud, and hybrid environments.
• Familiarity with common network components and technologies, such as firewalls, routers, switches, VPNs, and network segmentation.
• Proven experience managing risk (preferably cybersecurity risk) for a large enterprise
• Demonstrated strong understanding of the IT security landscape, including emerging risks and security solutions
• Risk management certifications are considered an asset (e.g. CISA)
• ICS/SCADA experience is considered an asset
• Previous work experience and an overall understanding of the energy industry
• Ability to present ideas and results to technical and non-technical audiences in both verbal and written communications
• Excellent problem-solving skills and ability to resolve complex issues and lead intermediate application development projects
• Highly self-motivated with a passion for risk, safety, and cybersecurity
• Strong prioritization skills with an always-on attitude and obsessed with delivering business outcomes
