Information Security Analyst III

Summary

The Information Security Analyst - GRC involves performing comprehensive scoping control assessments and audit facilitation as part of the certification team. This person will work closely with cross-functional teams to assess risks and controls work directly with Business Continuity Disaster Recovery and Crisis Management and assist with IT audit projects.

What you'll do

• Ensure the security process is governed by organizational policies and practices that are consistently applied;

• Require that data with similar criticality and sensitivity characteristics be protected consistently regardless of where in the organization it resides;

• Enforce compliance with the security program in a balanced and consistent manner across the organization and ensure adherence to applicable regulations;

• Routinely inform the Operations & Technology Committee & Management Risk Committee (MRC) of the overall status of the Institution’s Information Security Program to prevent cyber-attacks;

• Coordinate Risk Assessment audits PCI DSS PCI PIN Security ISO 27001 ISO 22301 penetration/vulnerability tests and other related assessments;

• Contribute to the definition of BC & DR strategy policy standards plans and direction;

• Be the subject matter expert on business continuity disaster recovery and crisis management supporting business stakeholders;

• Structure support and coordinate regular business continuity and disaster recovery testing to assess the effectiveness of established plans and procedures;

• Structure support and coordinate all aspects of design implementation planning testing and governance of Business Continuity Disaster Recovery Emergency and Crisis Management Plans within the company's Business Continuity scope;

• Ensure that the business IT and third-party teams involved are adequately trained in BC DR and Crisis requirements policies and standards and that the Business Continuity theme is disseminated throughout the company;

• Structure and conduct Business Impact Analysis (BIA);

• Create executive reports regarding strategies test results risks and crises;

• Build and update business continuity KPIs;

Minimum Qualifications

• Experience of cybersecurity frameworks and audits such as ISO 27001 ISO 22301 PCI DSS SOC 1 and SOC 2 and other regulatory requirements;

• Experience with Business Continuity Disaster Recovery and Crisis Management;

• Desirable experience with  Disaster Recovery with  AWS;

Core Benefits

• Remote work

• Flexible hours

• Gympass

• Meal & Food vouchers

• Remote work financial support

• Life Insurance

• Medical and Dental Assistance

• Employee child care benefit: daycare

• Vidalink partnership

• Day off (Birthday)

• Support for studying languages

• 50% off AWS and GCP certifications

Technologies that we apply in our day

• SAST

• SCA

• IaC Scans