Our Calgary based Energy client has an immediate need for an Intermediate to Senior Cyber Risk Analyst to join their team. This would be a contract position for two (2) months.
The Cyber Risk Analyst supports and maintains governance and cybersecurity-related processes. This individual serves as liaison between internal/external cyber risk teams and the processes that manage cyber risk, including cyber risk activity tracking, and assists with cybersecurity-related processes maintenance, reporting and documentation.
• Maintains the CISO policy exception and risk acceptance processes in the Enterprise Risk Management (ERM) tool
• Maintain documentation in support of ERM process and toolset
• Administers the CISO policy exception process
• Facilitate an understanding of enterprise cybersecurity risk landscape tolerance and accepted risk
• Develop and deliver education, awareness and communication of the exception process for end users
• Tracks cybersecurity risk remediation activities
• Contributes to the development of Standard Operating Procedure documentation for cybersecurity risk coordination activities
• Provides detailed status reporting cybersecurity risks and associated remediation activities
• Assist in maintenance of Cybersecurity Framework and related risk/security metrics
• Assist in design and creation of new cybersecurity policies and related risk/security metrics
• Other tasks as assigned, cybersecurity or governance related
• The Cyber Risk Analyst supports cybersecurity risk acceptance and mitigation activities that help reduce cybersecurity risk.
• Ensures risk treatment plans are documented and monitors remediation actions.
• Ensures cybersecurity risk reporting is consistent with the Enterprise Risk Management Framework.
Contacts (Working Relationships)
• Weekly interaction with internal business unit representatives to provide cybersecurity risk management guidance and facilitation of the CISO policy exception process.
• Weekly interaction with internal business unit representatives and project managers to track progress of remediation actions.
Knowledge, Skills & Abilities
• University degree or technical diploma in an IT related field
• 2+ years of experience in cybersecurity risk and compliance
• Knowledge of ISO 27001 and 27002 is strongly desired
• Strong knowledge of cybersecurity risk management procedures
• Strong business and technical background
• Excellent organizational skills
• Excellent written and verbal communication skills, including the ability to communicate complex technical matters in easy to understand non-technical ways
• Ability to identify priorities and ensure work is completed within stipulated timeframes
• Ability to work independently or as part of a team
• Cybersecurity-related certifications are an asset: CISSP, CRISC, CISM, etc
• Experience in creating risk reporting, analysis and dashboards
If you bring the mentioned skills and experiences to the table, then we would love to chat you!
Looking for Meaningful Work? We can help.
If you're a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.
We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at firstname.lastname@example.org. We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.