Are you an Information Security Compliance Analyst who has between 3 to 5 years of experience in this field and is now looking to move to a new company where you will have total responsibility for all their security compliance requirements, ensuring new systems implemented are properly secured and any potential risks are raised to management in a timely manner? If yes then please read on…..
Our client is looking for someone to join them to ensure that not only are the systems all compliant from a security perspective but you will also be developing ongoing security awareness training for all areas of the organisation and ensure this training is conducted on a frequent basis.
Expected duties and experience:
• Participate in planning, scheduling and preliminary analysis for all internal and external audit projects
• Coordinate internal and external audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach and deliverables
• Keep existing policies and procedures aligned with audit and security requirements
• Develop value added recommendations to deal with issues identified during assigned audits and draft audit reports to formally communicate the results of the audit and related recommendations
• Monitor implementation of outstanding audit recommendations and validate their implementation
• Good understanding of audit process/methodology, and risk management/advisory ability
• Experience in using a risk-based audit approach in evaluations of and recommendations for management processes
• Review daily threat matrix and provide appropriate reporting and escalations
• Request and review vendors auditing documentation to ensure alignment with Canada Guaranty internal controls and provide assessments and recommendations
• Design, deliver and manage an Information Security Awareness Training program
• Work with business leader to design and manage the data classification process
• Understanding of DLP, User Behavior and Endpoint Protection technologies
• Experience with mock or real security breach discovery and management.
• A strong understanding and experience with at least one of the following security compliance frameworks: CSAE 3416, SOC1, ISO 27000:2013 would be a definite asset though not mandatory
• Demonstrated leadership abilities; i.e. experience taking ownership of problems and working on projects involving multiple resources.
• An understanding of the importance of securing sensitive information as well as ensuring the integrity of the systems being administered;
• Strong verbal and written communication skills, including the ability to communicate and interact effectively with technical professionals as well as users and others who are non-technical experts;
• Strong customer service orientation, with a demonstrated ability to listen and understand, and to establish and maintain effective relationships with users;
• High level of analytical and problem-solving skills, including the ability to follow problems through to resolution;
• Initiative and creativity to develop new approaches or solutions;
• Ability to work independently and take accountability for the quality of work;
•Equally able to work effectively and collaboratively as a team member, sharing information and ideas in a timely manner;
• Ability to plan and manage time effectively, multi-task, prioritize and meet deadlines in a fast-paced, time-sensitive environment
• Ability and commitment to acquire new skills and improve knowledge and competencies
Looking for Meaningful Work? We can help
If you're a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.
We value diversity and inclusion and encourage all qualified people to apply.
We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.