Job Description

About the Company
Our client is one of the largest energy producers in Ontario and they are looking to hire a Senior Information Security Risk Officer.

About the Opportunity

• Role reports to the Section Head, Information Systems, and will be responsible for performing cyber security assessments against industry frameworks, Third party Risk Management, Cyber Risk Management Program, Awareness and Training, oversight of Cyber Governance and Compliance activities, and support Cyber Security projects
• Responsibilities Include (Not Limited to)

• Perform policy gap and control assessments against standard Cyber Security frameworks
• Review policies, procedures, and processes to recommend enhancements and maintain oversight on Cyber Governance, Risk and Compliance process for IT and OT (Operational Technology) systems
• Conduct various risk, control, maturity, and compliance assessments based on established security frameworks including but not limited to NIST CSF, CIS, ISO 27001, ISF, CSA N290.7, NERC-CIP, etc
• Meet with business stakeholders to identify top security risks. Evaluate and perform business level cyber risk assessments using established risk methodology and provide recommendations for improving security posture and resolving identified risk and issues
• Perform Third party Cyber risk assessments by working with vendors and ensure adherence to Cyber Security Terms and Conditions using a Risk based approach
• Assist in maturing the Third-Party Risk Management program by defining security controls based on the risk rating and tiers of the vendors
• Develop and maintain risk registers, risk management framework, risk acceptance forms and maintain GRC tools to provide oversight for the Cyber Security program

About You

• 6+ years of Strong hands-on experience in in Cyber Risk, Threat assessment, SIEM logs and Third-Party Cyber Risk Management
• Advanced knowledge of Cyber Security best practices such as network and application security, mobile device security, Identity & Access Management
• Strong understanding of security concepts and frameworks such as NIST, CIS, COSO, ISO 2700x, CSA N290.7 and NERC-CIP
• Experience with vulnerability assessments, threat vectors, methodologies, GRC tools (like Audit board, Archer)
• Knowledge of Information Systems Security Certification Consortium (ISC2), Sysadmin Audit Network and Security (SANS), or Information Systems Audit & Control Association (ISACA)
• Bachelor\xe2\x80\x99s degree in engineering, Computer Science, Information Technology, or related field

Bonus Items:

• Completed or working towards at least one cyber security certification (i.e., ISC2, ISACA, SANS ICS, ICS-CERT, US-CERT, ISA, CybatiWorks, or other relevant certifications) is considered an asset
• Phishing Simulation and Learning management tool, Python, Data Engineering, Automated Tasks Scheduling etc
• Extensive experience with the following information security concepts: Security Operations (Investigations, Threat Hunting, Patching etc.) Business Continuity, Security Architecture, Secure Cloud Architecture, Incident Response, Information Protection, Access Control
• Additional skills in MS SQL Server, Advanced MS Excel, Power BI, Power Automate, Power Apps

Salary Range
$128,000-$145,000/year

How to Apply
Click the \xe2\x80\x9cApply Now\xe2\x80\x9d button and follow the instructions to submit your resume. Please know that we only accept documents in MS Word or Rich Text formats.
When referencing this job, quote # 380702

You must currently reside within the Greater Toronto Area and be permitted to work in Canada to be considered for this opportunity. A recruiter will be in touch with you if your profile meets our client\xe2\x80\x99s requirements for this role.

Vaco