Cybersecurity GRC Analyst (Security Specialist)
Location: Toronto, ON - Hybrid, 2-3 days onsite/week
Anticipated Duration: Twenty-three (23) Months
Standard Hours: 35 hours/week
Duration of Potential Extension: Eleven (11) Months
Mandatory Requirements/Skills/Certifications
- University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as considerable Cybersecurity risk management experience or the equivalent combination of education and experience.
- 7+ years of relevant Cybersecurity experience in Governance, Risk and Compliance
- 5+ years of relevant experience conducting Privacy Risk Assessments and Privacy Impact Assessments
- 10+ years of Information Technology experience
- Significant experience with security frameworks and standards (such as NIST CSF, ISO/IEC 27001/27002, ISA/IEC 62443, NERC CIP, CIS Controls, SOC2, etc.) and Risk Management frameworks
- Demonstrated experience with the development / refresh of Cybersecurity policies, standards and procedures
- In-depth understanding and application of relevant Canadian regulations such as PHIPA, MFIPPA, Canada’s anti-spam legislation (CASL), Critical Cyber Systems Protection Act (CCSPA), Enhancing Digital Security & Trust Act, etc.
- Any one of the following certifications is required:
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Security Professional (CISSP)
Other Skills/Certifications
- Strong background in enterprise IT and Security Architecture, including cloud, hybrid, and OT/industrial environments
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP, SAMLv2, OAuth, and SSL/TLS
- Strong understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
- Excellent written & verbal communications skills (communicating at all levels with internal & external stakeholders) with fastidious attention to detail
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Strong analytical, problem-solving and troubleshooting skills
- An understanding of organizational mission, values, goals and consistent application of this knowledge
- Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
- Experience implementing and using relevant tools for security risk assessment and risk management