Cybersecurity Governance Analyst (Contract)

CoreFactor is searching for a Cybersecurity Governance Analyst on a contract basis for a client in the GTA.

This position if fully remote. The successful incumbent can be located anywhere within Canada, however, will be required to work 9AM-5PM EST.

Description

The successful incumbent will be instrumental in developing, managing, and enforcing cybersecurity policies and frameworks that protect our organization's assets. This role involves collaborating with various stakeholders to ensure that our cybersecurity practices meet industry standards and regulatory requirements. The Cybersecurity Governance Analyst will report into the Manager, Cybersecurity Governance, and work closely with Cybersecurity and other Technology teams in the organization.

Responsibilities

• Ability to develop and maintain comprehensive cybersecurity policies, procedures, standards, and guidelines in compliance with industry standards and best practices.
• Identify vulnerabilities and threats organization wide to analyze cybersecurity risk and recommend mitigation or remediation strategies.
• Monitor compliance with cybersecurity policies and standards across the organization.
• Coordinate with internal stakeholders to govern cybersecurity best practices and processes.
• Prepare metrics and reports to senior management on the status of identified cybersecurity risk and compliance activities.
• Stays current on the cybersecurity and threat landscape including understanding new attacks, security technologies, tactics, techniques, controls, and solutions to improve the security posture of the organization.
• Assist with the management of third-party risk and ensure vendors comply with our cybersecurity requirements.
• Participate in audits, self-assessments, and provide evidence of compliance with cybersecurity requirements.
• Identify key risk indicators (KRI) and key performance indicators (KPI) to measure long-term performance and track progress toward specific objectives.
• Assesses and identifies security control gaps, mitigation, and remediation efforts with internal and external stakeholders.
• Manage and utilize the GRC platform to track risks, remediation activities, and other requirements throughout the organization.
• All other duties assigned by the Manager, Cybersecurity Governance.
  
  

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Strong understanding of cybersecurity frameworks such as ISO 27001, NIST CSF/800-53, and COBIT.
• Experience with regulatory compliance, including GDPR, HIPAA, and PCI-DSS.
• Superior analytical and communication skills with the ability to identify cybersecurity risks and threat modelling.
• Effective communication skills, capable of explaining complex security concepts to non-technical stakeholders.
• Detail-oriented with strong organizational skills to manage multiple priorities.
• Knowledge of a variety of security technologies and information systems such as operating systems, network topologies (LAN/WAN), internet protocols and applications, firewalls IPS/IDS, identity management, endpoint detection, encryption, identity management, and vulnerability scanning solutions.
• Certifications in cyber security are required such as CISSP, CISM, or CRISC or working towards.
• 4-6 years of IT related experience with a focus in security technologies, governance, risk management, vulnerability management, security assessment, readiness assessments, and monitoring.
• Experience with Governance, Risk, and Compliance platforms and tools.
  
  

Nice to Have

• Experience with cybersecurity audit processes and methodologies.
• Background in implementing security policies and procedures in a cloud environment.
• Knowledge of data privacy laws and their application in a business context.