Position: GRC Analyst (3rd Party Risk Assessments)
Location: Toronto / Remote
Job Type: 6+ months contract, full-time
Our Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a GRC Analyst who has done full-cycle 3rd party/vendor risk assessments (TPRM) to support the Information Security Risk Management and Governance programs.
Your New Role:
You will collaborate with technology and business stakeholders to identify, assess, and monitor security risks for IT as well as Operational Technology (OT) systems. This involves conducting gap analyses, auditing and creating governance frameworks, developing and communicating risk mitigation strategies, engaging in the implementation of risk and governance technology tools, and ensuring compliance with Information Security policies. You will maintain an up-to-date understanding of emerging trends in IT/OT risks and threat vectors, and apply new techniques in line with the overall Information Security objectives and risk tolerance of the organization.
Key Requirements:
- 3+ years of experience in Information Security risk management and/or the cybersecurity space.
- Hands-on experience conducting Third Party Risk Assessments and Audit.
- Audit experience with PCI DSS, SOC2, and/or other compliance standards.
- Familiarity with OT systems/technologies and their attack vectors.
- Understanding of security technologies in enterprises, both on-premise and in the Cloud.
- Understanding of Information Security and Risk Management frameworks (SOC2, ISO27001, ISO27005, NIST CSF, NIST 800-30).
- Strong knowledge of Information Security controls for Mobile, IoT, Cloud, Applications, Network, and System infrastructure.
- Deep understanding of computer security, laws, and regulations along with knowledge of legal and regulatory compliance standards (PCI-DSS, GDPR, CCPA, PIPEDA).
- Experience authoring technical documentation.
- Proven ability to align risk mitigation recommendations with overall strategy and budget.
- Excellent spoken and written communication skills with the ability to present risk and governance matters to non-technical stakeholders.
Interested? Please submit your resume to Shubham Sharma at shubham.sharma@quantum-qtr.com.