Int. Security Risk Analyst (NIST) to roll out a new risk management framework for a large Canadian university

Job Type: Contract
Positions to fill: 1
Start Date: Jun 01, 2023
Job End Date: Dec 26, 2023
Pay Rate: Hourly: Negotiable
Job ID: 130345
Location: Toronto
# of Postions: 1
Location: Toronto 
Duration: 4 Months, strong extension possibility 
Interview: 1-2 rounds
Office: Hybird 2-3 days 
Hours: 7.5

  • We are looking for a Security Risk Consultant to join one of the top Universities in Canada on a 4 month contract on a hybrid basis (2-3 days a week in office).
  • The successful candidate will join the Information Security unit and will report into the Information Security Risk Manager.
  • This team is looking to implement and roll out a new risk management framework and requires a Security Risk Consultant to help define, design, and implement the risk framework.
  • The successful candidate should possess experience in managing and delivering information security projects, creating risk management programs and developing project plans by defining the timelines, tasks, risks, and roll out.
  • Additionally, the Security Risk Consultant will be responsible for providing status updates to leadership members in the business unit.
  • The successful candidate will also act as an advisor who can document security risk framework, policies, standards, and guidelines for the university. This individual is expected to interface with subject matter experts, team leads, legal, privacy, and other individual IT / IS teams across the campuses

Must Haves:
  • 3+ years experience as a Security Risk Analyst 
  • 3+ years experience working on Information Security Risk Management Projects.
  • Experience gathering requirements and putting together project plans to implement a roll out of a new risk management framework
  • Experience with developing information security risk management processes and artifacts
  • Experience working with NIST frameworks such as NIST CSF and NIST 800-53
  •  Agile Project Management experience
  • Strong data analysis and reporting skills
  • Strong in performing security risks assessments
  • Experience with developing information security risk management and governance framework
Nice to Have:
  • Security / Risk certification (e.g. CRISC, CISM, CISA, etc.)
  • Previous experience working at a Higher Education Institution
  • Any other certifications (PMP, etc).  
  • Experience with GRC platform (e.g. RSA Archer or similar)
  • Experience with Dashboarding tools like PowerBI and Tableau