| Job Category | Information Technology |
| Application Deadline | September 30, 2019 |
| Experience Required | 10+ years |
| Job Duration | 6 months |
Our client in the Banking & Finance industry is seeking an Information Risk Specialist in Toronto. This is a 6-month contract position.
The Information Risk (IR) Specialist is accountable for ensuring that information security and information management risks within technology and business operational areas are managed through the Operational Risk Management Framework: risks are identified, assessed, monitored and reported; appropriate controls are in place; and procedures and activities comply with the Information Security (IS) and Information Management (IM) Corporate Standards, the Information Security Manual (ISM), the Records Retention Schedule (RRS), and relevant local standards and regulatory requirements.
Second Line of Defense Risk Management
Ensure information risks are identified, evaluated, communicated and subsequently managed for the entire life of the risk. Use appropriate tools and processes (e.g. GRC) to track issues and risks.
Escalate potential information risk issues to management leveraging Operational Risk functions and reporting. Provide challenge, oversight and currency on resolution plans or risk acceptances.
Participate in Risk Control Assessments (RCA):
As the IS/IM subject matter risk expert, participate in quarterly and annual roundtables or refresh activities with the OROs and business leaders across the enterprise to provide guidance and advice to assist the business areas with evaluating IS/IM Risk.
Effectively challenging the first line of defense assessment, risk acceptances, exceptions, issues and remediation plans in support of the risk control practices.
Participate in the Initiative Assessment and Approval Process (IAAP)
As the IS/IM subject matter risk expert, provide an independent risk determination, rating and conditions for approving new initiatives.
Provide oversight on compliance to standards consistent with IS/IM policies and guidelines, and in synergy with the T&O control frameworks.
Review and provide recommendations to IS/IM policies, and 1st line standards and guidelines.
Consulting and Communication
Establish and manage working relationships with other Corporate Support Areas, Enterprise Operational Risk Management, Operational Risk Officers, Information Security Officers and the Information Security community to ensure IS/IM Risks are accurately reflected and clearly understood.
Training and Awareness
Facilitates communication and training, to promote effective Information Security and Information Management risk management behaviors and embed Information Risk controls and practices within the organization, leveraging and reinforcing existing awareness programs.
Providing risk driven input to new Awareness campaigns and targeted training programs.
Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
To deliver on these accountabilities, the incumbent must have the following authorities.
Recommending new frameworks and processes as necessary to report IS/IM risk
Advising and providing insights on enterprise IS/IM Risks
Monitoring of practices, processes, mitigation to ensure compliance with requirements
Monitoring results of IS/IM Risk programs to assess their effectiveness
Escalating IS/IM Risk issues, exposures
Coordinating information required to create reports and metrics for the key risk indicators
Providing an independent opinion on IS/IM Risk within RCAs and IAAPs
Approximately 10 years of related industry experience, preferably in a financial institution
Experience in Information Security required, Security certifications required
Knowledge of operational risk and analyzing risk information required
Outstanding interpersonal, oral and written communication skills
Sound interpretation and defending skills; this is a challenge-type role (will be overseeing and challenging the work of the 2nd line of defense), so the candidate must be able to go back and forth in a professional manner
Superior analytical skills; ability to frame key analyses required to address critical business issues
Strong conceptual skills and ability to deal with ambiguity; creative and lateral thinker
Ability to establish conducive working relationships with stakeholders across a variety of functions including business, operations and technology
Team-oriented, collaborative and flexible
Ability to address and deliver against multiple and competing deadlines
NICE TO HAVE SKILLS:
Working knowledge of Banking Group business preferred
Experience with the RSA Archer Enterprise Management system is deemed an asset, as the role involves analyzing data within this system
Bachelor's degree in Business or Technology or equivalent experience
SOFT SKILLS/PERSONALITY TRAITS:
Looking for someone who is open to learning; the role offers the opportunity to learn about leading-edge security initiatives
Understanding of Network / Infrastructure developments
System Development Life Cycle
Project Management Experience
Governance, Risk and Control (GRC) knowledge
Regulatory / Compliance background
To apply, send your updated resume to: firstname.lastname@example.org
Candidates must be in Canada and hold a valid work permit to apply for this role.