Security Risk Analyst

**Security Risk Analyst**

**Take a central role**

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.

Building on the principles that have always guided us - excellence, integrity and respect - we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.

With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada

Find out more about the next steps in our Recruitment process.

**Did you know?**
The Security Risk Oversight and Policy (SROP) team is the second line of defense in the Bank’s overall enterprise security risk management universe. The team partners with business stakeholders to oversee security risk management practices across all Bank departments. This includes oversight of information security risks, cyber and technology risks, and physical and personnel security risks.

**What you will do**
The Security Risk Analyst is a member of the SROP team within the Bank’s Corporate Security Service (CSS) department and performs security-related risk assessments relating to all the Bank’s critical assets. Following a defined enterprise security risk management approach, the analyst assists Bank business groups in identifying and assessing key risks and controls and recommends appropriate safeguards to protect the confidentiality, integrity, and availability of Bank assets. The Security Risk Analyst also applies and interprets security policies as they relate to risk management and is support the creation and lifecycle management of security policies and associated policy instruments.

Specifically, you will:

- support security risk oversight engagements, performing an in-depth assessment of security risks and controls
- test the effectiveness of security controls using several testing methodologies including tabletop exercises, site visits and red teaming exercises
- provide security advisory services to business stakeholders on completeness and effectiveness of their security controls
- write oversight engagement letters, briefing notes, and security posture reports in clear and concise business language
- support the lifecycle of the Corporate Security Policy and all associated policy instruments (creation, modification, and retirement)

**What you need to succeed**
- strong understanding of physical security risks and controls
- proven oral and written communication skills
- business relationship and/or stakeholder management skills
- ability to work well independently as well as on a team
- problem-solving, critical thinking, and analytical skills

**Nice-to-have**
- valid security and/or related certification (e.g., PSP, APP, etc.).
- knowledge of enterprise risk management approaches and practices, including the three lines of defence model
- knowledge of information security, cybersecurity, and technology risks (including frameworks such as NIST and ISO)
- knowledge of and experience with Government of Canada information technology security policies, directives, standards and guidelines (e.g., Policy on Government Security, management of information technology security, ITSG-22/33/38, Directive on Departmental Security Management)
- knowledge of and experience with Government of Canada Harmonized Threat and Risk Assessment (HTRA) methodology and other security industry standards (e.g., ISO 27001, NIST 800 series, ITSGs, ITIL, PCI)

**Your education and experience**

The position requires a Bachelor’s degree in a relevant field with a a minimum of three years of relevant security experience (i.e., physical and personnel security, policy analysis, communications, business analysis, security analysis and/or information technology security, travel security, in a public or private security function) or an equivalent combination of education and experience may be considered.

**What you need to know**
- Language requirement: English and French essential (bilingual) with a minimum starting level of functional (level 4) in second official language. Training may be provided to help reach the required level of fully functional (level 5) in second official language.
- Priority will be given to Canadian citizens and permanent residents
- Security level required: Be eligible to obtain Top Secret
- Relocation assistance may be provided, if required
- Please save a copy of the job poster. Once the closing date has passed, it will no longer