Senior Analyst – Cyber Security and IT Risk Management – Global Security
Company | Royal Bank of Canada |
---|---|
Location | Toronto, ON, Canada |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior |
Requirements
- Degree in Computer Science, Engineering, or a related field is required.
- Either CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional) is preferred.
- Minimum of 3 years’ experience in Information/Cyber Security, IT Risk Management, IT Operations, or Technology, with at least 3 years focused on controls testing, internal audit, quality control, risk management, or compliance.
- A strong understanding of technology and cyber risk management is crucial.
- Strong organizational, project management, and time management capabilities are essential.
- Demonstrated excellence in both written and oral communication is a must.
- Strong analytical and rational thinking, supported by solid writing skills, is essential.
- An understanding of the financial services industry or technology sector, coupled with a familiarity with regulatory environments, will greatly enhance your ability to succeed in this role.
Responsibilities
- Participate in all phases of the internal control monitoring process, including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports, and maintaining work papers.
- Perform risk-based control assessments to evaluate the design, implementation, and operating effectiveness of IT and Operational Controls.
- Document test work while adhering to quality standards, procedures, and organizational best practices.
- Execute Control Assessments (i.e., Testing) of Technology and Operations' [T&O's] first-line Key Controls across various domains (including Cyber Security, Cloud Operations, Service and Capacity Management, and Network Operations).
- Collaborate internally and externally across multiple concurrent testing engagements of varying complexity, ensuring they are completed efficiently and within timelines.
- Analyze, aggregate, and articulate the results, issues, and recommendations related to control testing activities or other control monitoring activities and regulatory exams.
- Establish and maintain strong working relationships across business units and platforms.
- Coordinate with stakeholders to log, manage, and track control deficiencies.
- Serve as a trusted advisor, advising stakeholders on control documentation and testing, ensuring compliance with organizational policies, regulatory requirements, and industry standards.
- Maintain a thorough understanding of external technology and cybersecurity trends, emerging technologies, and internal technology and cyber risk management approaches.
Preferred Qualifications
- A strong understanding of the financial services industry and experience with compliance and industry frameworks such as ISO 27001, NIST 800-53, NIST CSF, NIST 800-171, and COBIT.
- Knowledge of OSFI, FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.
- Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.
- Working experience in cybersecurity and/or IT risk management spaces.
- Big Four (4) IT risk consulting and/or audit experience.