Job Description

Security Risk AnalystTake a central roleThe Bank of Canada has a vision to be a leading central bank-dynamic, engaged and trusted-committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada\'s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.Building on the principles that have always guided us - excellence, integrity and respect - we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada\'s top employers:Find out more about the next steps in our .Did you know?
The Security Risk Oversight and Policy (SROP) team is the second line of defense in the Bank\'s overall enterprise security risk management universe. The team partners with business stakeholders to oversee security risk management practices across all Bank departments. This includes oversight of information security risks, cyber and technology risks, and physical and personnel security risks.What you will do
The Security Risk Analyst is a member of the SROP team within the Bank\'s Corporate Security Service (CSS) department and performs security-related risk assessments relating to all the Bank\'s critical assets. Following a defined enterprise security risk management approach, the analyst assists Bank business groups in identifying and assessing key risks and controls and recommends appropriate safeguards to protect the confidentiality, integrity, and availability of Bank assets. The Security Risk Analyst also applies and interprets security policies as they relate to risk management and is support the creation and lifecycle management of security policies and associated policy instruments.Specifically, you will:

• support security risk oversight engagements, performing an in-depth assessment of security risks and controls
• test the effectiveness of security controls using several testing methodologies including tabletop exercises, site visits and red teaming exercises
• provide security advisory services to business stakeholders on completeness and effectiveness of their security controls
• write oversight engagement letters, briefing notes, and security posture reports in clear and concise business language
• support the lifecycle of the Corporate Security Policy and all associated policy instruments (creation, modification, and retirement)

What you need to succeed

• strong understanding of physical security risks and controls
• proven oral and written communication skills
• business relationship and/or stakeholder management skills
• ability to work well independently as well as on a team
• problem-solving, critical thinking, and analytical skills

Nice-to-have

• valid security and/or related certification (e.g., PSP, APP, etc.).
• knowledge of enterprise risk management approaches and practices, including the three lines of defence model
• knowledge of information security, cybersecurity, and technology risks (including frameworks such as NIST and ISO)
• knowledge of and experience with Government of Canada information technology security policies, directives, standards and guidelines (e.g., Policy on Government Security, management of information technology security, ITSG-22/33/38, Directive on Departmental Security Management)
• knowledge of and experience with Government of Canada Harmonized Threat and Risk Assessment (HTRA) methodology and other security industry standards (e.g., ISO 27001, NIST 800 series, ITSGs, ITIL, PCI)

Your education and experienceThe position requires a Bachelor\'s degree in a relevant field with a a minimum of three years of relevant security experience (i.e., physical and personnel security, policy analysis, communications, business analysis, security analysis and/or information technology security, travel security, in a public or private security function) or an equivalent combination of education and experience may be considered.What you need to know

• Language requirement: English and French essential (bilingual) with a minimum starting level of functional (level 4) in second official language. Training may be provided to help reach the required level of fully functional (level 5) in second official language.
• Priority will be given to Canadian citizens and permanent residents
• Security level required: Be eligible to obtain Top Secret
• Relocation assistance may be provided, if required
• Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.

Hybrid Work ModelThe Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a substantial part of each month as part of the Bank`s hybrid work model, and they are expected on site at the Bank location a minimum of eight days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit .

• Salaries are based on qualifications and experience and typically range from $77,853 to $91,592 (job grade 15)
• The Bank offers an incentive for successfully meeting expectations at 5 to 7% of your base salary. The Bank offers performance pay for those who exceed expectations (10% of your base salary). Exceptional performers who far exceed expectations may be eligible for higher performance pay.
• Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
• Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
• Indexed, defined-benefit pension

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.

Bank of Canada