Senior Information Security Assessment Analyst (65714-1)

Location: Toronto, Ontario, Canada
Date Posted: 30-11-2017
What is the Opportunity?

As a Senior Information Security Assessment Analyst, you will provide Information Security expertise within clients and with Key Suppliers. In this role, you will offer assessment support for initiatives involving our third party suppliers and enterprise applications to ensure risk mitigation and controls are properly created and documented.
What will you do?

•       Provide assessment services to Project teams and their Business units to assist in their security assessments in order to identify potential risks. Review the security issues and recommend the appropriate controls to mitigate these risks.
•       Communicate with key organizational stakeholders and senior executive management on security matters and impacts on the organization
•       Conduct Security Reviews, Walkthroughs and Risk Assessments
•       Support in assessing the security posture of clients' 3rd party engagements and outsourcing initiatives, including the review of supplier security policies, logical and physical application controls, and onsite inspections if required
•       Provide support for risk assessment reviews using clients' Risk Management methodologies and tools
•       Effectively communicate and build rapport with team members, stakeholders and business partners using a variety of techniques and collaboration from initiation to close
•       Resolve complex conflicts/issues and escalate others as appropriate
•       Provide support to other Security Risk Assessment Analysts as required


What do you need to succeed?

Must-have
•       Five or more years’ experience in all of the broad range of core services in Information Security/Risk Management
•       Possess strong understanding of web and mobile application architecture and development principles
•       Exposure to application security best practices such as secure coding and security testing techniques
•       Expert knowledge of Security Policies and Standards
•       Expert knowledge of Information Security practices
•       Proficient knowledge of compliance, audit and privacy policies and regulations
•       General knowledge:
o       Security technology
o       Access control
o       Application Development Security
o       Business Continuity and Disaster Recovery
o       Information Security Governance and Risk Management
o       Network security
o       Cryptography
o       Mobile
o       Cloud
•       Industry recognized qualifications/certifications in Information Security and/or Risk Management (CISSP and/or CRISC)

Nice-to-have
•       Knowledge of OWASP, SANS, NIST, ISO 27001, ISF or other security-related practices
•       Other industry recognized qualifications/certifications (CISA / CCSK / CSSLP / SABSA) an asset
•       Previous Banking/Financial Industry experience
•       General knowledge of clients' Technology Security Standards & Practices