General information
Entity
About Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)
Crédit Agricole CIB is the corporate and investment banking arm of Crédit Agricole Group, the 12th largest banking group worldwide in terms of tier 1 capital (The Banker, July 2021). Nearly 8,600 employees across Europe, the Americas, Asia-Pacific, the Middle East and Africa support the Bank's clients, meeting their financial needs throughout the world. Crédit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital markets activities, investment banking, structured finance, commercial banking and international trade. The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.
For more information, please visit www.ca-cib.com
Twitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/
Reference
2022-65699
Update date
08/03/2022
Job description
Business type
Types of Jobs - Information systems / IT Project management
Job title
Information Systems Security Control Specialist
Contract type
Permanent Contract
Job summary
Summary
The Information Systems Security Control Specialist identifies areas of improvement in existing processes and controls, identifies gaps and recommends improvements. The Specialist supports a strong risk control management culture through the implementation of key risk control programs into the standard operating framework of the business.
This role will primarily support the execution of evidence-based control evaluations supporting the Enterprise Cybersecurity Risk Assessment, Risk and Control Self-Assessment (RCSA) and training programs.
Key Responsibilities
· Assist the effective design and performance of the control environment in conjunction with other lines of defence.
· Assist in identifying opportunities for process and control improvements through monitoring of emerging risks, changes to the technology environment, industry frameworks and trends.
· Assist with the effective implementation, execution, and governance of the information security control framework, control objectives and control activities.
· Assist in performing information security control evaluations and rating controls for design and effectiveness, and in testing technology controls.
· Assist with the development of cybersecurity awareness and training materials to effectively promote security awareness and best practices, and with ensuring compliance with regulations, policies and industry standards.
· Track training completion (e.g. attendance, quiz scores) and distribution of awareness materials.
· Compile report status for the appropriate governance committee.
Management and Reporting
· Reports to Senior Risk Manager / CLSi
Key Internal contacts
Information Systems Security team
GIT teams
Key External contacts
n/a
Position location
Geographical area
America, United States Of America
City
NEW YORK
Candidate criteria
Minimal education level
Bachelor Degree / BSc Degree or equivalent
Academic qualification / Speciality
Essential
- Bachelor’s degree in Cybersecurity, Business or IT Technologies
Desirable
- Master’s degree in Cybersecurity, Business or IT Technologies
Experience
Desirable
- 2+ years of experience in risk control management, or financial services industry experience with direct experience in risk control management
Required skills
Essential
• Information security risk control
• Knowledge and understanding of technology risks related to business risks
• Intermediate Microsoft Office skills
• Excellent verbal, written, and interpersonal communication skills
• Strong analytical skills with high attention to detail and accuracy
• Knowledge of control frameworks and control testing
• Knowledge of technology and information security risk frameworks – COBIT, FFIEC, NIST, ITIL, COSO, BASEL, or OCC standards
Desirable
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Ability to generate, review, edit, and distribute risk control reports
• Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, and internal controls; and identifying issues resulting from internal and/or external compliance examinations
• Experience supporting information technology risk control programs that align with the technology business function
• Strong ability and experience working and collaborating with stakeholders and team members at all levels and across functional lines