Lead Security Analyst - Waterloo, Canada - opentext

opentext

Verified Company

Waterloo, Canada

3 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

OPENTEXT - THE INFORMATION COMPANY

As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital.

Be part of a winning team that leads the way in Enterprise Information Management.

The Opportunity:

Working within the Global Information Security team, reporting to the Manager of Security Governance, the Lead Information Security Governance Analyst will be involved in leading and sustaining the Protected B (ISTG-33) Governance framework by working collaboratively with internal teams, SMEs, and other stakeholders.

You will lead the governance program and contribute to other public sector certifications.

The Lead Information Security Governance Analyst will be expected to understand a wide array of IT security controls, processes, and concepts.

This will include extensive effort researching and writing security policies, understanding data protection strategies, and organizing policy documentation for the entire organization.

The role will also be required to provide support of audit controls for ISO27001, SOC1, and SOC 2 on the Open Text Commercial platforms.

The role is primarily responsible for Policy & Documentation Mgmt associated to Protected B (ISTG-33).

The role works with a team of analysts, who have diverse program responsibilities including but not limited to; Security Awareness Training, Security Communications, Budget Planning, Mergers & Acquisitions, and presentations to senior leadership.

The Governance Analyst will be responsible:

Ensure that all security policies and documentation under the stewardship of the Governance team are reviewed and updated no less than on an annual basis,
Help to facilitate monthly reviews of our security policies in support of our ISO27001 ISMS program.
Assist in facilitating the quarterly governance policy meetings communicating policy changes and governance initiatives to stakeholders.
Synchronizing complex policy clauses with other Information Security requirements regarding audit/compliance and risk management.
The review and assessment of new governance frameworks
Identifying opportunities for continuous improvement across Global Information Security
Assist with the creation presentations for senior leadership, and Board of Directors.
Knowledge of merger and acquisitions

This is a hands-on role, working and evaluating changes to our security policy documentation. This role will focus on continuous improvement of the governance program and associated activities. You will provide input and will directly interface with multiple groups across Open Text.

You are great at:

Including but not limited to:

Detailed knowledge of governance, compliance, and risk models
Knowledge of security frameworks, domains, and associated security concepts
Writing policies in support of security and business needs a requirements
Understanding concepts in support of audit controls for Protected B(ISTG33), ISO27001/ISO27017/ISO 27018, SOC1/SOC2, PCI-DSS, FedRAMP, and HIPAA
Process creation
Continuous Process improvement
Creating presentations

What it takes:

Bachelor's Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
5+ years in security risk, compliance, and governance
Strong written and verbal communication skills
Working across multiple teams and stakeholders to create policy and process
Experience developing process
Collection of audit deliverables
Experience writing Process, Policy and Procedures documentation
Working across GIS teams to create a project portfolio
Experience creating presentations
Knowledge of merger and acquisition processes and ability to analyze security risk for M&A activities
Strong interpersonal skills are required to work across multiple internal teams
Familiar with commonly used information security frameworks, best practices, and standard procedures
Capable of working independently under pressure in a continually changing environment
Is resourceful in knowing how to research requirements and find information for documentation purposes
Strong knowledge of Open Text Commercial products and solutions is helpful
Audit framework knowledge for Protected B(ISTG33), ISO27001/27017/27018, SOC1 & SOC2, PCI-DSS, HIPAA, FedRAMP desired
Ability to work with peers and leadership teams
Ability to participate in key proactive security programs.
CGEIT, CISA, CISM, CISSP, ITIL or other IT certifications preferred