IT Risk Management Analyst

Savvy IT Resources Inc. - Edmonton, AB (30+ days ago)

Type: Contract
Term: 6 months
Location: Edmonton, AB

Reporting to the Corporate Information Security Officer (CISO), the IT Risk Management Analyst is responsible for establishing and maintaining the overall IT Security Risk Management program by identifying, evaluating and reporting on information security risks. The IT Risk Management Analyst will:

RESPONSIBILITIES:

  • Assist with risk identification and assessments of all IT security-related activities that might introduce or change the risk status of the corporation’s information systems and assets;
  • Advise the CISO, IT Leadership Team, and other key stakeholders on risks and assist in evaluating and presenting acceptable levels of residual risk to the corporation;
  • Review all IT operational and project activities (plans, designs, testing, reporting, etc.), provide a risk profile, and recommend appropriate remediation measures to minimize risks;
  • Work with the compliance analysts to continually monitor compliance drift, provide a risk assessment and the consequences of the new risk profile, and advise applicable managers to take effective remediation steps;
  • Review with the applicable IT Manager the results of vulnerability assessment exercises with a view to creating a “real” risk posture of the IT systems;
  • Benchmark and maintain up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established IT policies and practices;
  • Create, distribute and update documentation of identified IT risks and controls;
  • Establish and maintain standards, procedures, and guidelines for information classification and protection;
  • Manage information asset and application risk assessment for current and new applications;
  • Work with the Information Security Administrator to continually review the results of vulnerability scanning and penetration testing to provide an “as is” technical risk assessment of Information Security resources.

QUALIFICATIONS:

  • Degree in Computer Science;
  • 6 years of experience in IT Audit, IT Risk, or Information Security;
  • Preference will be given to those with CRISC, CISM, and/or CISSP Certifications;
  • Excellent organizational, communication, interpersonal, documentation and leadership skills to collaborate across business resources and other program areas;
  • A basic knowledge of a broad range of standards and frameworks: International Standards Organization (ISO) 2000 & 27001, IT Infrastructure Library, Capability Maturity Model Integration and Six Sigma;
  • Knowledge of common risk management methodologies (COBIT, NIST, COSO, etc.);
  • The capacity to work with cross-functional teams to accomplish project and program goals is required;
  • The ability to prioritize projects and allocate resources accordingly.

Applicant must be eligible to work in Canada and reside within Canada.

**Final candidates will be required to undergo a comprehensive background check, including security screening and verification of credentials.**

Job Type: Contract

Experience:

  • IT Risk / Security: 6 years (Required)

Licence:

  • CRISC, CISM, and/or CISSP (Preferred)