Perform GRC functions and maintain the Cyber Security Risk register to ensure risks are known and well documented with established resolutions.
Execute third-party risk processes for cyber
Perform/execute awareness programs and phishing processes
Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data
Review all existing and new security technologies, tools and services, and make recommendations to the broader infrastructure team
Participate in and lead information security-related incident response activities
Document and oversee policy maintenance and creation
Assist in developing and maintaining a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
Monitor and report on vulnerability remediation timelines, ensuring business units adhere to established SLAs (Service Level Agreements).
Stay abreast of information security events, news, trends and evolving legislative/regulatory changes
Requirements
Skills required to create and execute a third-party risk program
Direct experience managing and working with Security Operations Centers
Experience defining and tracking Key Performance Indicators (KPIs) for vulnerability management and patch compliance.
Direct, hands-on experience or a strong working knowledge of GRC and security awareness tools
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
Tech Stack
Cyber Security
Benefits
This position offers a base salary of $100,000 - $115,000 CAD. In addition to base salary, this role is eligible for a performance-based annual bonus.