Cybersecurity Governance Analyst
Company | Aviva |
---|---|
Location | Toronto, ON, Canada; Markham, ON, Canada |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Mid Level |
Requirements
- 3-5 years of experience in cybersecurity governance programs and processes, risk management and reporting.
- Good knowledge of cybersecurity and technology concepts.
- Knowledge and practical experience in applying security standards and frameworks (e.g. NIST, ISF, ISO, PCI DSS).
- Strong written and verbal communication skills; ability to communicate cybersecurity and risk-related concepts to technical and non-technical audiences at various levels.
- Demonstrated ability to establish effective working relationships and collaborative work approaches with both internal and external contacts.
- Attention to detail and strong problem-solving skills.
- Experience with using GRC platforms and data platforms (e.g. Archer, IBM OpenPages, Qlik).
- Good understanding of the insurance or banking industries.
- University degree or college diploma in Computer Science, Information Security Management, Cybersecurity Risk Management, or equivalent professional experience within Cybersecurity.
Responsibilities
- Be a domain expert at a high level and respond to client/regulatory requests regarding Aviva’s Cybersecurity program.
- Develop and enhance Key Risk Indicators and Key Performance Indicators in support of cybersecurity risk management initiatives and executive reporting.
- Perform annual cybersecurity controls reviews and manage issues and actions for the Cybersecurity department.
- Perform periodic NIST CSF self-assessments and support the development and implementation of remediation activities to resolve control deficiencies.
- Support compliance with industry frameworks and standards such as PCI DSS and ISO 27001.
- Work with the security education team to facilitate the execution and reporting for the phishing program and manage security awareness training assignments for our colleagues.
- Generate and review content regularly for our Security Education and Awareness program. Coordinate and lead cybersecurity awareness campaigns.
- Review and update Security Policies annually, as well as draft new policies and standards where required.
- Manage Aviva’s GRC solution overall and implement enhancements for Cybersecurity Governance workflow.
- Ensure timely completion of work you’re leading and reporting schedules.
- Promote effective security practices, technologies, and processes with partner groups.
- Address requests from IT and business users on security-related matters and take ownership of them through to conclusion and satisfaction.
Preferred Qualifications
- Professional designation relating to cybersecurity or IT risk (e.g. CISSP, CISA, CISM, CCSP/CCSK, GIAC, CompTIA Security+) is an asset.