Analyst, Information Security and Third Party
1 month ago
The CanCap Group (“CanCap”) is a privately-owned Canadian national financial services company with multiple verticals across automotive, consumer, and merchant lending portfolios. We manage the entire lifecycle of the finance receivable from credit adjudication through to contract administration, customer service, default management and post charge-off recoveries.'
Focus is on security management and 3rd party risk management experience. Technical background (IT & Security audit and Security Controls testing and 3rd party risk oversight).
**Key Deliverables**
- Delivering controls testing activities as required, and support in the delivery of testing activity by other colleagues within the team including:
- Development of test plans aligned with the IT, Information Security and Business Protection Standards required controls and testing requirements
- Perform walkthrough and sample-based testing (as needed)
- Conclude on the design adequacy and the operating efficiency of the controls
- Detail the assessment package (write-up and supporting evidence)
- Reporting on the status of controls testing activity and on issues arising from this testing to colleagues at all levels.
- Identify potential risks and issues and raise these.
- Support the remediation of control issues by providing input to appropriate partners in the development of actions.
- Developing and maintaining effective relationships with senior internal and external partners to ensure that IT, information security, and 3rd party risks are managed in line with risk appetite, strategy and objectives.
- Aiding the continuous improvement of the information security mandatory controls framework and controls testing methodology.
- Assisting in the enhancement of 3rd party risk management framework and related policies and procedures.
- Assisting in risk review and ranking of 3rd party providers.
- Performing review of third-party audit reports (SOC2) and related artifacts.
- Supporting Coordination of IT and Information Security audit activities with external auditors.
- Supporting the development and execution of action plans that arise from identified control gaps.
- Assisting in the development of security awareness training for employees to promote a security-conscious culture.
**What you’ll bring**
- A broad knowledge of IT systems, security and/or day to day IT Operations.
- Solid understanding of security and IT general computing controls.
- 3+ years control testing experience in an IT environment or IT audit experience.
- Strong analytical and writing skills.
- Ability to plan, analyze data, and support conclusions.
- A dedication to personal development and a desire to learn.
- The ability to work actively and effectively as part of a distributed team to deliver results.
- Superb communication and collaboration skills.
- Desirable Knowledge and Qualifications
- Relevant industry qualification (e.g. CISA, CIA, CISSP, Certified Ethical Hacker).
- Knowledge of the following: Windows Technologies, Unix, Linux, Oracle, Cloud Computing (AWS, Azure), Cryptography and System Architecture (Jason to review/validate)
**Required Skills**:
- Bachelor's degree, BA, BS in Computer Science, Information Technology or related fields.
- Experience with security frameworks such as ISO 27001, NIST etc.
- Security audit experience.
- Minimum 2 years' experience in Information Security with a focus on cybersecurity.
- At least 2 years' experience in Information Security Governance and Risk and Compliance GRC and ISMS.
- Excellent communication, documentation, and presentation skills
**Preferred Skills/Knowledge**
- Knowledge of cloud computing and hosting such as Azure and AWS.
- Relevant security certification (one or more) of ISC2, GIAC, ISACA, SSCP.
**Additional Information**
This is currently a hybrid work from home and in office position, with 1-2 days in office at our Mississauga or Toronto location. This could change based on the needs of the business.
To be considered for employment you will need to successfully pass a criminal background check, and validation of your work experience.
-
Third Party Risk Analyst
3 weeks ago
Toronto, ON, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / Remote Job Type: 6+ months contract, full-time Our Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst , who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and...
-
Third Party Risk Analyst
3 weeks ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
-
Third Party Risk Analyst
3 weeks ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
-
Third Party Risk Analyst
3 weeks ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
-
Expert, Information Security Third Party Risk
4 weeks ago
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Ontario, Canada Canadian National Railway Full timeAt CN, we collaborate to drive our company-and North America-forward. Be part of our Information & Technology (I&T) team, a crucial piece of the engine that keeps us moving.From enterprise architecture to operational technology, our teams utilize the agile methodology to automate and digitize our railroad, ensuring our operations run optimally and safely...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Old Toronto, Canada Canadian National Railway Company Full timeExpert, Information Security Third Party Risk Management At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our...
-
Old Toronto, Canada Canadian National Railway Company Full timeExpert, Information Security Third Party Risk Management At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our...
-
Old Toronto, Canada Canadian National Railway Company Full timeExpert, Information Security Third Party Risk Management At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our...
-
Third Party Risk Analyst
1 day ago
Toronto, Canada TEKsystems Full timeThird Party Risk Analyst TEKsystems, a leader in financial services, is seeking an experienced Third-Party Risk Management Consultant to join our clients Intercompany Services division. This is a unique opportunity that starts as a contract position with a clear path to full-time employment for candidates interested in converting to FTE. Key...
-
Third-party Contracting Manager, Third-party
4 weeks ago
Toronto, Canada CIBC Mellon Full time**Company Information**: CIBC Mellon is a leading provider of asset servicing solutions to institutional investors in Canada, including multi-currency accounting, fund valuation, and investment information reporting. We are passionate about providing exceptional client service backed by our culture of innovation and success. Our outstanding employee...
-
Information Security Analyst
1 month ago
Toronto, Canada Canada Life Assurance Company Full time**Job Description**: The Information Security Analyst II is part of the first line of cyber defense team, working with IT and business partners to help them understand and manage information security risks and comply with the organizational information security policies. The role also supports the delivery of analysis-based cyber security services to our...
-
Third Party IT Risk Advisor
4 weeks ago
Toronto, Canada Royal Bank of Canada Full time**Job Summary** Provides technical expertise on the development and support of all activities, processes, and tools needed to protect information security. Applies extensive, in-depth knowledge, skills, and practices to perform complex assignments. This role is specific to supporting RBC’s growing US subsidiary, City National Bank (CNB), as well as...
