Cybersecurity & IT Risk and Compliance Analyst

Job Description

Overview

As a Cybersecurity and IT Risk and Compliance Analyst you are responsible for working with the Information Security and IT Risk Management leaders to develop and maintain Cybersecurity and IT Risk and Compliance Management governance, frameworks, policies and processes. You will work with operational teams to provide risk and compliance management advisory, coordination, facilitation and oversight services to enable IT and business leaders to effectively and efficiently manage operational risks and meet compliance requirements within the domain or business units.

Responsibilities

• Assist the business and Information & Technology (IT) leaders in conducting business impact analysis and maintaining a map of business process to information technology.
• Work with IT leaders to develop and maintain IT Risk Taxonomies.
• Work with IT leaders to perform IT Risk and Control Assessments (RCAs) and response planning.
• Assist the business and IT leaders in conducting Change Risk Assessments for material changes in the IT environment.
• Work with business and IT leaders to develop and maintain an inventory of external requirements and the annual IT Compliance plan.
• Work with IT leaders to design and implement IT controls and conduct periodic control self-assessments and IT third party service providers control assessments.
• Develop and maintains the Program Risk Management Plan and Register.
• Provide Risk Management Training.
• Facilitate risk identification, analysis, response planning, monitoring and lessons learned.
• Work with IT leaders to develop and maintain the IT Risk and Compliance Management framework, policies, standards, processes, tools and best practices.

Qualifications

Education:

• Diploma in Computer Science or related discipline.
• A current senior professional certification or equivalent from a recognized education institution or company relevant to audit or risk, including;
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified in Governance of Enterprise IT (CGEIT)
• Certified Information Security Manager (CISM)

Experience:

• Seven years of experience in IT, including three years supporting information security issues and controls, IT Risk Management and IT Compliance.
• Experience documenting process and procedures is an asset.

Technical Knowledge & Skills:

• Knowledge of industry risk and compliance policies, procedures and best practices.
• Ability to relate to others with all levels of technical competency.
• Knowledge of IT process and control frameworks such as COBIT, NIST CSF, ISO 27002, ITIL, PMI, etc.

Employee Benefits

Health benefits

We offer a comprehensive health benefits program that includes:

• flexible health, dental and vision plans
• health spending account
• travel health coverage
• other extended health benefits such as ambulance, massage and physiotherapy

Financial security

In an effort to support financial security, we offer:

• registered pension plan
• group, dependent, and optional life insurance coverage
• critical illness insurance
• sick leave to cover short-term disability
• long-term disability

Wellness

We offer programs that focus on how to better achieve a balance between work and personal commitments, as well as maintain a healthy workplace culture. This includes:

• vacation entitlement
• flexible work arrangement for eligible positions
• maternity, parental and adoptive leaves
• bereavement and family responsibility leaves
• employee and family assistance program
• mental-health programming
• lunch-and-learn offerings
• discounted gym memberships and wellness account

Diversity and inclusion

Manitoba Public Insurance believes that diversity and inclusion strengthens us. We consider ourselves to be a barrier-free organization where individual values, beliefs and practices are respected and appreciated for the diversity they bring to our work life.

Employee recognition

It's important to recognize our employees for their contributions. Not only do we recognize employees as they achieve milestone years in their careers, we also have several outlets for leaders and peers to reward each other for work well done.

Professional development

We want our employees to grow, which is why we offer support in keeping their skills up-to-date. We offer in-house training, professional development and an educational assistance program.

Safety and health

In an effort to encourage a safe and healthy work environment, we offer various safety, health and workplace policies and programs along with technical expertise and assistance to support employee activities in safety and health.