Senior Security Analyst

Brainhunter is currently seeking “Senior Security Analyst” to work for our valued Financial Service Client. The position requires the successful consultant to be on-site 3 days a week either in Toronto/London /Winnipeg location.As the Senior Security Analyst, you will play a pivotal role in managing supplier risk and enhancing our customer’s trust. In this capacity, you will be responsible for providing insightful analysis on supplier risk, with a focus on conducting comprehensive assessments. These assessments will delve into cybersecurity, privacy, and business continuity management (BCM) for the most part. It will necessitate collaboration with both internal stakeholders and external entities. As a versatile team player, you will also have the opportunity apply your extensive knowledge to a broader range task, as needed. What you will doManage the supplier risk assessment for new vendors, which span security, privacy, and business continuity management (BCM).Perform ongoing security risk assessments and monitor risk posture of existing suppliers.Review supplier contracts to meet security, privacy, and BCM requirements.Audit suppliers to ensure they are meeting their control obligations. Analyse vendor risk and customer relationships by analyzing due diligence questionnaire responses and documentation. Recommend and implement enhancements to the supplier risk management processes. Prepare security risk reports, dashboards, and operational metrics for continuous improvement and monitoring purposes.Maintain and develop team documentation, with the aim of standardizing knowledge base and processes. Update and provide feedback on security policies and procedures in line with current risks and regulations.Share knowledge and train other team members on supplier risk management best-practices. Perform any additional tasks that may stem from being a part of a dynamic and fast-paced environment. This may include conducting technology risk assessments, provide consultations for supplier-provided solutions, support internal audit reviews, and more. What you will bringBachelor’s degree from an accredited college or university or equivalent experienceMinimum of five years of relevant experience, preferably serving as an information technology or privacy professional. Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA).An understanding of various substantiating materials, including SOC2 and ISO reports, which can be used to assess control effectiveness.A strong technical foundation with experience in security solutions for multi-tier cloud-based applications across platforms such as Microsoft Azure, GCP, and AWS. This expertise should extend to various IT domains, including networks, servers, application development, architecture, storage, and cloud environments, ensuring a holistic approach to information security.Demonstrated self-starter with the desire to ramp up quickly, collaborate, and execute.Excellent time management, critical thinking, analytical, and problem-solving skills.Excellent communication skills, including the ability to present and influence. The ability to multitask and complete assignments within deadlines that may have short lead times.Strong interpersonal skills, capable of interacting at all levels of the organization and with suppliers.Experience in interpreting and consulting on the requirements of the Information Security and Privacy policies and standards within a large organization.Strong knowledge of IT control frameworks, such as COBIT, ISO 27001, and the NIST cyber security framework.Working knowledge of IT Audit processes, including design of control test proceduresAbility to work independently and take initiative in a fast-paced and dynamic environment.Ability to update your manager effectively. A track-record of taking accountability. Prior leadership experience is a plus.Strong working knowledge of threat risk assessment (TRA) methodologies is a plus.How to Apply: Please email your resume to Reema Kaur at [email protected] We thank all applicants for their interest, however only those candidates selected for Interviews will be contacted.