Information Risk Specialist

Job Category: Information Technology
Position Type: Contract
Application Deadline: September 30, 2019
Experience Required: 10+ years
Job Duration: 6 months
Education Required: Bachelors

Our client in the Banking & Finance industry is seeking an Information Risk Specialist in Toronto. This is a 6-month contract position.
Job Description
The Information Risk (IR) Specialist is accountable for ensuring that information security and information management risks within technology and business operational areas are managed through the Operational Risk Management Framework: risks are identified, assessed, monitored and reported, appropriate controls are in place, and procedures and activities comply with the Information Security (IS) and Information Management (IM) Corporate Standards, the Information Security Manual (ISM), the Records Retention Schedule (RRS), and relevant local standards and regulatory requirements.
Accountabilities include:
Second Line of Defense Risk Management
• Ensure information risks are identified, evaluated, communicated and subsequently managed for the entire life of the risk. Use appropriate tools and processes (e.g. GRC) to track issues and risks.
• Escalate potential information risk issues to management leveraging Operational Risk functions and reporting. Provide challenge, oversight and currency on resolution plans or risk acceptances.
• Participate in Risk Control Assessments (“RCA”):
As the IS/IM subject matter risk expert, participate in quarterly and annual roundtables or refresh activities with the OROs and business leaders across the enterprise to provide guidance and advice to assist the business areas with evaluating IS/IM Risk.
• Effectively challenging the first line of defense assessment, risk acceptances, exceptions, issues and remediation plans in support of the risk control practices.
• Participate in the Initiative Assessment and Approval Process (IAAP)
As the IS/IM subject matter risk expert, provide an independent risk determination, rating and conditions for approving new initiatives
• Provide oversight on compliance to standards consistent with IS/IM policies and guidelines, and in synergy with the T&O control frameworks.
• Review and provide recommendations to IS/IM policies, and 1st line standards and guidelines.
Consulting and Communication
• Establish and manage working relationships with other Corporate Support Areas, Enterprise Operational Risk Management, Operational Risk Officers, Information Security Officers and the Information Security community to ensure IS/IM Risks are accurately reflected and clearly understood.
Training and Awareness
• Facilitates communication and training, to promote effective Information Security and Information Management risk management behaviors and embed Information Risk controls and practices within the organization, leveraging and reinforcing existing awareness programs.
• Providing risk driven input to new Awareness campaigns and targeted training programs.
• Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
To deliver on these accountabilities, the incumbent must have the following authorities.
• Recommending – new frameworks and processes as necessary to report IS/IM risk
• Advising – provide insights on enterprise, IS/IM Risks
• Monitoring – of practices, processes, mitigation to ensure compliance with requirements
• Monitoring – results of IS/IM Risk programs to assess their effectiveness
• Escalating – IS/IM Risk issues, exposures
• Coordinating – information required to create reports and metrics for the key risk indicators
• Providing – an independent opinion on IS/IM Risk within RCAs and IAAPs
• Approximately 10 years of related industry experience, preferably in a financial institution
• Experience in Information Security required, Security certifications required
• Knowledge of operational risk and analyzing risk information required
• Outstanding interpersonal, oral and written communication skills
• Sound interpretation and defending skills – this is a “challenge” type role (will be overseeing and challenging the work of the 2nd line of defense) – must be able to go back and forth in a professional manner
• Superior analytical skills; ability to frame key analyses required to address critical business issues
• Strong conceptual skills and ability to deal with ambiguity; creative and lateral thinker
• Ability to establish conducive working relationships with stakeholders across a variety of functions including business, operations and technology
• Team-oriented, collaborative and flexible
• Ability to address and deliver against multiple and competing deadlines
• Working knowledge of Banking Group business preferred
• Experience with RSA Archer Enterprise Management system deemed an asset – having to analyze data within this system
• Bachelor's degree in Business or Technology or equivalent experience
• Looking for someone who is open to learning – having the opportunity to learn about leading edge security initiatives
• Understanding of Network / Infrastructure developments
• System Development Life Cycle
• Project Management Experience
• Governance, Risk and Control (GRC) knowledge
• Regulatory / Compliance background
To apply, send your updated resume to:
Candidates must be in Canada and hold a valid work permit to apply for this role.