IT Risk Analyst FAIR
Eagle currently has a career opportunity for an IT Risk Analyst FAIR and we are looking to speak to qualified candidates with the skills and experience outlined below.
This position is a twelve (12)-month contract located in Montreal, QC to start immediately.
As the IT Risk Analyst FAIR, you will be responsible for:
- Formulating standardized technology risk scenarios;
- Conducting quantitative technology risk analysis using FAIR (Factor Analysis of Information Risk);
- Facilitating risk quantification meetings and working group sessions;
- Identifying internal and external primary/secondary loss, threat event and susceptibility data/information;
- Leading technology risk assessments, analyzing the effectiveness of relevant control activities and reporting on them with actionable recommendations;
- Monitoring technology risk mitigation response plans to ensure that risk owners are taking effective remediation steps;
- Participating in the development and maintenance of a global Technology risk framework;
- Continuously supporting the SMEs in their evaluation of technology risks;
- Capturing, maintaining and monitoring technology risks in one repository;
- Reporting to management concerning all significant residual technology risks and those that exceed their tolerance levels, vulnerabilities and other security exposures, including misuse of information assets and noncompliance; and,
- Maintaining familiarity with industry trends and security best practices.
Skills and Qualifications:
The qualified candidate must have:
- Bachelor’s degree in computer science, information systems or other related fields, or equivalent work experience;
- Seven (7) to nine (9) years’ work experience and a minimum of five (5) years’ experience in IT risk identification and assessment, risk metric monitoring and reporting, and information security practices;
- Experience with a broad range of IT risk analysis activities;
- Experience working with Risk, Security or Audit frameworks (FFIEC, COBIT, COSO, ISO 27001/2, NIST 800-53, SSAE16, SOC2);
- Familiarity with technology risks, including but not limited to cybersecurity risks, and the ability to mathematically quantify those risks and/or make recommendations for guidelines that will appropriately mitigate the company’s exposure to those risks;
- Excellent verbal and written communication skills in both official languages, including the ability to write clear, concise, non-technical and persuasive risk evaluation reports;
- Ability to interact and communicate effectively with leadership and staff across both business and technology functions;
- Excellent organizational skills, ability to manage multiple tasks in a fast-paced, dynamic environment and ability to work within tight deadlines;
- Serious passion to learn and explore new problems;
- Ability to be a self-starter with a strong sense of personal responsibility;
- Strong critical thinking, analytical mindset and project management skills;
- Ability to effectively explain complex situations to non-technical individuals;
- Ability to lead mitigation/loss reduction proposals with business justification;
- Ability to make sound decisions and exercise good judgment pertaining to operating procedures and projects;
- Understanding of basic probability principles and decision support technologies (e.g., Monte Carlo functions);
- Understanding of mathematical models for quantifying or classifying risk consistently;
- Ability to keep apprised of advances in risk quantification modelling software and of advances in the science and industry of risk quantification modelling;
- Ability to clearly document and define risk scenarios and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk;
- Mastery of tools and reports to support analysis and risk modelling;
- Foundational knowledge of information security concepts;
- Knowledge of risk and compliance assessment processes and control frameworks (NIST, ISO, SOC2, GDPR…) and specifically how to manage the lifecycle of a risk;
- Ability to stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks;
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy;
- Knowledge of information technology (IT) security principles and products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event
- Knowledge of management systems, network segmentation, asset management, authentication best practices, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.;
- Ability to provide Calibration training to stakeholders;
- Ability to coach junior employees in the field of risk quantification;
- Understanding of the compliance requirement framework such as SOX, 52-109, etc.;
- Ability to work under pressure and meet deadlines;
- Highly ethical and discreet, with ability to maintain confidentiality;
- Excellent interpersonal skills and the ability to empathize with customers, while enforcing the company’s policies;
- Ability to work independently and in a team environment;
- Ability to interact and communicate effectively with staff across both business and technology functions;
- Broad knowledge of information risk management concepts and how these concepts apply to the business;
- Ability to conduct research into existing and emerging security and compliance issues as required;
- Ability to rapidly identify key issues during the first phases of a project and make recommendations; and,
- Relevant industry certifications such as OpenFAIR certification (Factor Analysis of Information Risk), CRISC (Certified in Risk and Information Systems Control) certification, CISA, CISM, CISSP or related security certification (an asset).
Don’t miss out on this opportunity, apply online today!
Eagle is an equal opportunity employer and will provide accommodations during the recruitment process upon request. We thank all applicants for their interest; however, only candidates under consideration will be contacted. Please note that your application does not signify the beginning of employment with Eagle and that employment with Eagle will only commence when placed on an assignment as a temporary employee of Eagle.