Sr. Security Analyst with experience solutioning in a multi-tier cloud environment to manage, optimize and conduct Supplier Risk Assessments for new vendor

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Contract job

  • Starting date : 1 position to fill as soon as possible

Sr. Security Analyst with experience solutioning in a multi-tier cloud environment to manage, optimize and conduct Supplier Risk Assessments for new vendors for our large Insurance Client.

Location: Hybrid (3 days per week in either Toronto, London, Winnipeg)

Duration: 6 Months

As the Senior Security Analyst, you will play a pivotal role in managing supplier risk and enhancing customer trust. In this capacity, you will be responsible for providing insightful analysis on supplier risk, with a focus on conducting comprehensive assessments. These assessments will, for the most part, delve into cybersecurity, privacy, and business continuity management (BCM), and will require collaboration with both internal stakeholders and external entities. As a versatile team player, you will also have the opportunity to apply your extensive knowledge to a broader range of tasks, as needed.

Responsibilities:

  • Manage the supplier risk assessment for new vendors, which span security, privacy, and business continuity management (BCM).
  • Perform ongoing security risk assessments and monitor risk posture of existing suppliers.
  • Review supplier contracts to meet security, privacy, and BCM requirements.
  • Audit suppliers to ensure they are meeting their control obligations.
  • Assess vendor risk and customer relationships by analyzing due diligence questionnaire responses and documentation.
  • Recommend and implement enhancements to the supplier risk management processes.
  • Prepare security risk reports, dashboards, and operational metrics for continuous improvement and monitoring purposes.
  • Maintain and develop team documentation, with the aim of standardizing knowledge base and processes.
  • Update and provide feedback on security policies and procedures in line with current risks and regulations.
  • Share knowledge and train other team members on supplier risk management best practices.
  • Perform any additional tasks that may stem from being a part of a dynamic and fast-paced environment. This may include conducting technology risk assessments, providing consultations for supplier-provided solutions, supporting internal audit reviews, and more.

Must Haves:

  • 5+ years of experience as a Security Analyst with experience implementing/recommending security solutions for multi-tier cloud-based applications across platforms such as Microsoft Azure, GCP, and AWS.
  • Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA).
  • An understanding of various substantiating materials, including SOC2 and ISO reports, which can be used to assess control effectiveness.
  • Experience in interpreting and consulting on the requirements of the Information Security and Privacy policies and standards within a large organization.
  • Strong knowledge of IT control frameworks, such as COBIT, ISO 27001, and the NIST cyber security framework.
  • Working knowledge of IT Audit processes, including design of control test procedures.

Nice to Have:

  • Prior leadership experience.
  • Strong working knowledge of threat risk assessment (TRA) methodologies.