Cyber Security Analyst

Join a Challenger Being a traditional bank just isn’t our thing, so we challenge ourselves to get creative in providing innovative banking solutions for Canadians. How do we get there? With a talented team of inquisitive and agile challengers that break through the status quo. So, if you’re passionate about redefining the future of banking—while having fun—this could be your next big opportunity. Our company continues to grow, and today we serve more than 670,000 people across Canada through Equitable Bank, Canada’s Challenger Bank™, and have been around for more than 50 years. Equitable Bank’s wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $125 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people’s lives. Our customers have named our EQ Bank digital platform eqbank.ca one of the top banks in Canada on the Forbes World’s Best Banks list since 2021. The Work The Cyber Risk & Governance Analyst, as part of the Information Security Governance & Third-Party Cyber risk team, is responsible for analyzing and assessing the organization’s information security risks and ensuring that risk management activities are operationalized to keep the bank’s Technology Risk profile within the organization’s risk appetite. This includes managing the company’s risk register, ensuring that it is accurate, up-to-date, and reflective of the current risk environment. Facilitating risk identification and assessment workshops with stakeholders across the organization, recording risk information in the register and assigning risk owners to ensure timely and effective risk mitigation. Also ensures that risks are being effectively monitored and reported up to management. Additionally, this role supports the effective management of third‑party cyber risks by conducting third‑party cyber risk assessments. The analyst will collaborate with other technology departments, the Risk Management Group, Internal Audit, and key business stakeholders throughout the company to manage and maintain the risk register, evaluate overall information technology risk, and manage reporting on digital and technology third‑party cyber risks. The analyst will also provide recommendations to enhance the organization’s information security posture, assist in implementing information security policies and guidelines, and support regulatory compliance efforts. While third‑party cyber risk management activities are not a primary function of this role, this role is expected to support the third‑party cyber risk management activities as required. The Core Responsibilities By collaborating with multi-disciplinary teams, cross‑functional departments, stakeholders, and vendors, this role is responsible for implementing and measuring various aspects of corporate cyber risk and compliance matters. The role will support project teams and work towards ensuring that the organization is meeting the necessary regulatory requirements. Maintaining and updating the cyber risk register to ensure it accurately reflects the current risk profile of the organization. Collaborating with stakeholders across the organization to identify and assess potential risks and control measures, and documenting these in the risk register. Regularly reviewing risk ratings and mitigation strategies in the risk register to ensure they remain relevant and effective. Monitoring and reporting on cyber risk management activities including trends and remediation progress to management and other stakeholders. Identifying opportunities to improve risk management processes and the use of the risk register and working with relevant stakeholders to implement these improvements. Staying up to date with industry trends and best practices in cyber risk management. Ensuring the alignment between the risk register and the company’s overall cyber risk strategy. Providing training and support to other employees on risk management processes and the use of the risk register. Conducting cyber‑risk assessments of third‑party vendors, including gathering data, performing analysis and providing recommendations. Reviewing and analyzing vendor security policies, procedures and controls to ensure compliance with regulatory requirements and industry standards. Developing risk assessment reports and other documentation for third‑party vendors, including risk ratings, mitigation plans, and recommended actions. Collaborating with stakeholders to ensure that third‑party vendor risk assessments are conducted in a timely and effective manner. Assist with the preparation and execution of audit, red team, and tabletop exercises by efficiently collecting and organizing relevant information, and effectively communicating findings and recommendations to key stakeholders. Provide cyber security governance and cyber risk management expertise and guidance to project teams and other stakeholders. Fostering a risk‑aware culture throughout the organization, where cyber risk is integrated into all operational processes. Let’s Talk About You Bachelor’s degree in computer science, Information Security, or a related field. At least 3 years of experience in cyber security governance and risk management (or related 2nd or 3rd line‑of‑defense). Strong understanding of cyber security risk management methodologies and frameworks. Knowledge of industry regulations such as NIST, OSFI B‑13 and OSFI B‑10. Strong analytical and problem‑solving skills. Excellent communication and interpersonal skills. Maintain or working towards a CRISC, ISO27001 Lead implementer/Lead Auditor, CISA or CISM certification or similar is required. What we offer (For full‑time permanent roles) Competitive discretionary bonus ✨ Market leading RRSP match program