Senior Security Analyst to conduct Cyber and IT risk assessments against the regulatory obligations/controls (NYDFS, FFIEC, FRB, NIST) within a top financi
S.i. Systems
Toronto, ON
- Number of positions available: 1
- Salary: To be discussed
- Contract job
- Published on October 31st, 2024
- Starting date: 1 position to fill as soon as possible
Description
Senior Security Analyst to conduct Cyber and IT risk assessments against the regulatory obligations/controls (NYDFS, FFIEC, FRB, NIST) within a top financial institution - 35699
Hiring Manager: Senior Manager, Technology Assessment & Effectiveness
Location Address: Scarborough - Hybrid: 2 days/week in office (there is some flexibility to WFH if preferred), but this may change to 4 times/week - strong preference for candidates in GTA
Contract Duration: 1 year (possibility of extension or conversion to FTE)
Number of Positions: 3
Schedule Hours: Monday-Friday, 9am-5pm
Story Behind the Need
Business group: Cyber & IT remediation
Project: On an annual basis, the bank has to conduct Cyber & IT risk assessments against the regulatory obligations / controls - NYDFS, FFIEC, FRB regulations, NIST framework.
Candidate Value Proposition:
Exposure to regulatory remediation project.
The successful candidate will have the opportunity to work within a Top 5 Bank. We are technology partners who help the business transform how our employees around the world work. You will get to work with and learn from diverse industry leaders, who have hailed from top technology.
Typical Day in Role:
1) Risk Identification and Assessment
- Conduct comprehensive risk assessments on IT systems, infrastructure, and cybersecurity processes.
- Identify potential risks and vulnerabilities, and evaluate existing controls for adequacy.
- Perform gap analysis between the current and desired risk posture, and recommend mitigation strategies.
- Work closely with IT, cybersecurity, and business units to assess risks associated with new technologies (cloud, AI, etc.).
2) Risk Monitoring and Reporting
- Continuously monitor IT systems and security environments for emerging risks and threats.
- Produce regular risk reports, highlighting control effectiveness and areas for improvement.
- Present findings to senior management and key stakeholders, ensuring timely action on identified risks.
- Track and report on risk mitigation activities, ensuring timely resolution of high-risk items.
3) Technology and Tools
- Utilize risk management and assessment tools (e.g., GRC platforms like Archer, ServiceNow) to automate and streamline risk processes.
- Collaborate with IT teams to integrate risk management tools into the broader IT infrastructure.
- Recommend new technologies or tools that can enhance risk management capabilities.
4) Regulatory and Compliance Alignment
- Ensure that IT risk management practices comply with regulatory requirements such as SOX and others.
- Support external and internal audits related to IT security and risk management processes.
- Collaborate with compliance, audit, and legal teams to ensure adherence to relevant laws and regulations.
Candidate Requirements/Must Have Skills:
- 10 years of Cyber and IT risk background
- 5+ years of experience in IT Asset Management, End of Life, Incident, Problem, Change Mgmt, Data Governance, Identity Access Mgmt, Development - DevOps, Cloud/AI, databases, Hadoop (any combination of the above)
- 5+ years of experience in Risk Identification and Assessment
- 5+ years of Risk Monitoring and Reporting
- Utilize risk management and assessment tools (e.g., GRC platforms like Archer, ServiceNow) to automate and streamline risk processes.
- Regulatory and Compliance Alignment with regulatory requirements such as SOX and others.
Nice-To-Have Skills:
- You possess advanced communication (verbal/written/presentation) skills in English.
- FI experience is preferred, not from healthcare.
- Previous experience with Palo Alto, Zscaler, etc. will be an asset.
Education:
- Post-secondary education in Computer Science or in a related field
- Certifications (CISSP, CISM, CCSP, CRISC) are nice to have
Best VS. Average Candidate:
The ideal candidate has experience merging all the requirements: developing security use cases, DLP rules and policy creation management to detect security events, and has the right working attitude.
Candidate Review & Selection
- 1st round: 15-minute screening on MS Teams
- 2nd round: 30-minute panel interview on MS Teams