Sr. Information Security Governance Analyst - Waterloo, Canada - MCAP

    MCAP
    Description

    The Role

    Reporting to the Director, Information Security & Privacy Governance, this role will be responsible for the coordination and execution of governance, risk and control activities within MCAP's Information Security & Privacy programs.

  • This position will be accountable for the creation, maintenance and distribution of enterprise level policies, procedures and standards within the information security and privacy domains.
  • Ensure the information security & privacy programs accomplish their objectives by bringing a systematic approach to improving the overall effectiveness of these programs.
  • Coordinate and/or lead corporate level incident response preparedness through testing, reporting and actions and will participate in incident response.
  • Propose, create and maintain training courses, training presentations, programs, and develop new training materials that drive continuous awareness for information security & privacy.
    Training and Education

  • Develop a roadmap for MCAP's awareness training as it relates to information security & privacy that enables greater awareness, compliance and education materials
  • Create and maintain an effective and measurable awareness training program.
  • Create, execute, monitor and report on simulated security exercises to increase awareness of the importance of security and privacy protocols (e.g. phishing campaigns, tailgating, vishing, mystery customer).
  • Drive awareness and compliance to information security & privacy best practices.
    Governance & Operations

  • Develop and implement effective and reasonable policies, procedures and standards to secure MCAP assets.
  • Propose, create and maintain privacy and security corporate level programs (e.g. DLP administration, access reviews, PIAs).
  • Coordinate and/or lead security assessments, audits, tabletops and penetration tests
  • Provide support to all stakeholders on information security & privacy standards.
  • Facilitate incident response preparedness through testing, developing plans to close gaps and updating response plans.
  • Contribute to the identification and maintenance of an information security risk registry.
  • Prepare and support security due diligence questionnaires and assessments.
  • Research, maintain an awareness and make recommendations of industry information security challenges, changes or opportunities that would improve MCAP's information security & privacy posture
  • Perform annual reviews of enterprise information security & privacy policies, procedures and standards.
  • Collaborate with management and with the technical information security team to identify gaps in policy, procedures, or standards and recommendations for improvements
  • Perform analysis of third-party vendor due diligence responses to identify gaps, escalate risks as required and make recommendations to improve the process
    Program Measurement/Monitoring

  • Create measurements of compliance with corporate level policy and procedures (e.g. access reviews, DLP, PIA).
  • Develop and maintain an information security & privacy program scorecard/dashboard that demonstrates our current (real time) posture and opportunities for improvement
  • Develop a process to report on the remediation of issues that arise from external assessments or audits
  • Internally assess, evaluate, and bring forward recommendations to management regarding the information security & privacy program controls
    What You Bring To The Team

  • Minimum 6-9 years in information security & privacy governance
  • Broad experience in the development of policies, procedures & standards
  • Strong knowledge of information security governance frameworks (e.g. CIS, NIST, ISO)
  • Solid understanding and knowledge of security tools and technology (e.g. firewalls, IDS, IPS, encryption, EDR, DLP, NAC, CASB, DKIM, DMARC, email protection)
  • Advanced interpersonal skills and the ability to interface with all business units in the organization
  • Ability to work effectively and efficiently
  • Ability to multi-task in a fast-paced environment
  • Ability to develop and deliver awareness, education and coaching.
  • Strong knowledge of security tools and technology
  • Strong knowledge of systems, network and cloud architectures
  • Strong knowledge with risk analysis, penetration testing, and vulnerability management
  • Demonstrated ability to create and maintain enterprise level security policies, procedures, etc.
  • Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff.
  • Carries out duties with integrity and takes responsibility for actions
  • Handles critical and sensitive information with the strictest confidentiality and privacy
  • Excellent problem-solving and conflict resolution skills
  • Ability to lead change initiatives and to foster a positive employee relations environment
  • Very strong presentation and negotiation skills
  • Formal IT & security accreditations (e.g. ITIL, COBIT)
  • Security certifications (e.g. CISM, CISA, CISSP)
  • A degree or diploma in a relevant area of study with preference for information security or computer science/engineering