The Sr. Information Security Risk and Governance Analyst supports the Information Security Risk Management and Governance programs. They work with technology and business stakeholders to identify Information Security risks, conduct risk assessments, recommend risk mitigation strategies, and monitor identified risks throughout their lifecycle. They also update and monitor Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), Service Level Agreements (SLAs), and other documentation related to the Information Security program. They contribute to the creation of management reporting to convey the status of Information Security risks and governance metrics across the organization.
This role requires an experienced subject matter expert who has an in-depth understanding of Information Security controls across a broad range of technologies and platforms.
Post-secondary degree in Computer Science or equivalent combination of education and experience that satisfies the requirements of the position.
Minimum 5 years of progressive responsibilities in developing and supporting Information Security risk management programs
Strong knowledge of Information Security controls for Mobile, IoT, Cloud, Applications, Network and
Excellent knowledge of security technologies which are commonly used in enterprises to protect information systems, both on premise and in the Cloud. Hands-on design, implementation and management of a variety of security technologies are strong assets.
Working knowledge of Information Security and Risk Management frameworks like ISO27001, ISO27005, NIST CSF and NIST 800-30
Understanding of legal and regulatory compliance standards and requirements like PCI-DSS and
CISSP, CISA, CRISC and other security certifications are a strong asset.