Information and Security Control Risk Manager

Location Address: Scarborough – hybrid – onsite 1-2 x/week
Contract Duration: 1 year
Possibility of extension & conversion to FTE
Number of Positions: 1
Schedule Hours: 9am-5pm Monday-Friday (Possible OT) – flexibility required – may be required to work on weekends at peak times
Reason: additional workload

Story Behind the Need
Business group: Global Technology Control Testing
The US cybersecurity and IT risk team oversees and advise on cybersecurity and IT risk matter in US. The team primary focuses is to ensure the bank's security controls are in line with industry standards and compliant with the regulator requirement.

The primary function of an Information and Security Control Risk Manager is to monitor, analyze, and report on cybersecurity requirements against relevant regulations and standards, such as NYDFS, FFIEC, and NIST CSF, while taking a risk-based approach. The IS&C manager will be able to understand complex security challenges, identify vulnerabilities, and propose effective solutions.

• Candidate Value Proposition:
The successful candidate will have the opportunity to work with the US team and build on their Cybersecurity skills within one of the Top 5 banks in Canada. The candidate will be exposed to opportunity to grow within the bank as the team is expanding as well.

• Typical Day in Role:
Dedicated and detail-oriented cybersecurity professional with a strong background in regulatory compliance.
• Continuously monitor and assess the effectiveness of security controls and processes.
• Perform the information security compliance tasks such as ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
• Perform control assessments against enterprise cybersecurity frameworks and standards.
• Track, manage, and report on any internal or external cybersecurity-related issues.

Candidate Requirements/Must Have Skills:
1. 5+ years of experience in related cybersecurity technical background and exposure to cloud technologies (Azure, Google)
2. 3+ years of recent project experience with security governance, policies, cybersecurity frameworks, security standards, and regulatory compliance
3. 3+ years of experience with and strong knowledge of security controls/mechanisms (gap analysis)
4. Intermediate Excel skills (V-lookups, macro, etc.)

Nice-To-Have Skills:
1) experience with risk assessment techniques pertaining to complex data, application, and networking environments
2) Information security related certification (such as Security+, CISA, CISM, CISSP)
3) Recent relevant Financial Industry Experience

Soft Skills Required:
– Excellent communications and written skills.
– Comfortable putting together and presenting risk reporting to a US IS&C management.
– Candidate must be a team player and may be required to assist other team members in other security and IT risk tasks, as needed.
– Ability to manage assigned tasks and expectations without direct instruction or oversight.
– Fast, adaptable learner who can hit the ground running.
– Ability to work well under pressure while demonstrating strong professionalism.
– Willingness to learn new technologies and security-related information

Education:
Bachelors degree in related Cyber/ IT field or relevant experience

Best vs. Average Candidate
The ideal candidate would have knowledge with NYDFS Cybersecurity regulations, experience with regulatory examinations, or strong understanding of NIST CSF.

Candidate Review & Selection
2 rounds
1st – HM – 45 mins – MS Teams Video
2nd – Panel (Director, IT risk, cyber risk team) – 1 hr – MS Teams Video

Hiring Manager’s availability to interview: ASAP