Cyber Risk Analyst

We’re looking for a talented Cyber Risk Analyst to grow our team. If your passion lies in understanding and navigating the complex landscape of cyber threats through a lens of advanced risk assessment and mitigation strategies, we have an excellent opportunity for you.

As a key member of our team, you will be actively involved in conducting risk, privacy, and cybersecurity assessments, assisting our high-profile clients in identifying risks, enhancing their security posture, and developing robust strategies to mitigate potential cyber threats.

We believe in fostering a culture of continuous learning and professional development, providing opportunities for you to expand your expertise in cybersecurity, privacy, and risk management. Together, we will tackle challenging projects, innovate solutions, and achieve excellence in our field, ensuring that as our team grows, you do too.

**Key Responsibilities**:

- Assist with conducting information security gap, maturity, and threat risk assessments (e.g., NIST CSF, HITRUST CSF, CIS CSC, etc.).
- Collect information security control evidence from third-party vendors to facilitate the process of conducting third-party risk assessments for our clients.
- Assist with conducting in-depth analysis of business, financial, and IT systems, alongside other data processing systems, to identify technology and privacy risks and provide recommendations for improvements and risk treatment.
- Assist with creating professional reports, providing comprehensive insights into assessment findings, detailed risk information, and expert advice on remediation or risk reduction and treatment strategies.
- Assist in the coordination and documentation of the IT risk control libraries for third-party and threat risk assessments.
- Work collaboratively with the team to strategize engagements, formulate project timelines and requirements, conduct needs analysis, and provide support for other project planning activities.
- Maintain up-to-date knowledge of security threats, industry trends, GRC tools, processes, and technologies.
- Travel to company offices and client locations across Canada.

**Technical Skills**:

- Good understanding and hands-on experience in conducting cybersecurity maturity and risk assessments, including the evaluation of security controls and vulnerabilities.
- Familiarity with cloud service provider security frameworks and configuration best practices such as AWS Shared Responsibility Model, Azure Security Benchmarks, CSA CCM, etc.
- Familiarity with industry regulations and standards, such as NIST SP 800-53, NIST CSF, ISO 27001, HITRUST CSF, CIS benchmarks and critical security controls.
- Good understanding of network systems configurations, Unix, Linux, Windows, and database server configurations.

**Education and Work Experience**:

- Degree in Information Technology, Information Systems, Information Security, or Risk Management (or equivalent work experience).
- At least 2-3 years of professional experience in cybersecurity, with a focus on risk assessment, security controls, and/or compliance.

**Industry Certifications**:

- Willingness to obtain industry certifications (e.g. CTPRP, CISSP, CRISC, CIPP, HITRUST CCSFP, etc.).
- Industry certification in Information Security/Audit is an asset.

**Soft Skills**:

- Exceptional customer service, communication, and interpersonal skills.
- Strong written and verbal communication skills.
- Strong organizational skills.
- Strong time management skills.
- Honesty and integrity.
- Dedication to providing solutions to meet or exceed client's needs and expectations.
- Ability to handle challenges and project workloads.

**Benefits**:

- Company-paid medical and dental benefits and wellness benefits.
- Company-paid continuing professional education and certification maintenance.
- RRSP contribution.
- 4 weeks of paid vacation, with 5 weeks of paid vacation after 5 years of service.
- Company team-building events throughout each year.
- Flexible remote work options.

**Location**:

- You must be located within reasonable travelling distance of the Control Gap Headquarters in Mississauga, Ontario, Canada.
- You must possess reliable transportation to travel to company offices and client work sites.

**Employment Type**:

- Full-time