Professional Consulting - Toronto

Our client in Banking & Finance Industry is seeking Information Risk Specialist in Toronto. This is a 6 months contract position.
 
Job Description
 
The Information Risk (IR) Specialist is accountable to ensure that information security and information management risks within technology and business operational areas are managed through the Operational Risk Management Framework; risk are identified, assessed, monitored and reported, appropriate controls are in place, and procedures and activities comply with the Information Security (IS) and Information Management (IM) Corporate Standards, the Information Security Manual (ISM), the Records Retention Schedule (RRS), and relevant local standards and regulatory requirements.

Accountabilities include:
Second Line of Defense Risk Management
• Ensure information risks are identified, evaluated, communicated and subsequently managed for the entire life of the risk. Use appropriate tools and processes (e.g. GRC) to track issues and risks.
• Escalate potential information risk issues to management leveraging Operational Risk functions and reporting. Provide challenge, oversite and currency on resolution plans or risk acceptances.
• Participate in Risk Control Assessments (“RCA”):
As the IS/IM subject matter risk expert, participate in quarterly and annual roundtables or refresh activities with the OROs and business leaders across the enterprise to provide guidance and advice to assist the business areas with evaluating IS/IM Risk.
• Effectively challenging the first line of defense assessment, risk acceptances, exceptions, issues and remediation plans in support of the risk control practices.
• Participate in the Initiative Assessment and Approval Process (IAAP)
As the IS/IM subject matter risk expert, provide an independent risk determination, rating and conditions for approving new initiatives
• Provide oversight on compliance to standards consistent with IS/IM policies and guidelines, and in synergy with the T&O control frameworks,
• Review and provide recommendations to IS/IM policies, and 1st line standards and guidelines.
Consulting and Communication
• Establish and manage working relationships with other Corporate Support Areas, Enterprise Operational Risk Management, Operational Risk Officers, Information Security Officers and the Information Security community to ensure IS/IM Risks are accurately reflected and clearly understood.
Training and Awareness
• Facilitates communication and training, to promote effective Information Security and Information Management risk management behaviors and embed Information Risk controls and practices within the organization, leveraging and reinforcing existing awareness programs.
• Providing risk driven input to new Awareness campaigns and targeted training programs.
• Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
Authorities:

To deliver on these accountabilities, the incumbent must have the following authorities:
• Recommending – new frameworks and processes as necessary to report IS/IM risk
• Advising – provide insights on enterprise, IS/IM Risks
• Monitoring – of practices, processes, mitigation to ensure compliance with requirements
• Monitoring – results of IS/IM Risk programs to assess their effectiveness
• Escalating – IS/IM Risk issues, exposures
• Coordinating – information required to create reports and metrics for the key risk indicators
• Providing – an independent opinion on IS/IM Risk within RCAs and IAAPs
 
Top Skills/Knowledge:
• Approximately 10 years of related industry experience, preferably in a financial institution
• Experience in Information Security required, Security certifications required
• Knowledge of operational risk and analyzing risk information required
• Outstanding interpersonal, oral and written communication skills
• Sound interpretation and defending skills – this is a “challenge” type role (will be overseeing and challenging the work of the 2nd line of defense) – must be able go back and forth in a professional manner
• Superior analytical skills; ability to frame key analyses required to address critical business issues
• Strong conceptual skills and ability to deal with ambiguity; creative and lateral thinker
• Ability to establish conducive working relationships with stakeholders across a variety of functions including business, operations and technology
• Team-oriented, collaborative and flexible
• Ability to address and deliver against multiple and competing deadlines
 
Nice To Have Skills:
• Working knowledge of Banking Group business preferred
• Knowledge of Corporate Policies, Standards relating to operational risk preferred
• Experience with RSA Archer Enterprise Management system deemed an asset – having to analyze data within this system
Education:
• Bachelor degree in Business or Technology or equivalent experience
Soft Skills/Personality Traits:
• Looking for someone who is open to learning – having the opportunity to learn about leading edge security initiatives
 
Skills:
• Strong logic and data integration skills
• Expert analytical and problem-solving skills, with expert ability to analyze a risk exposures
• Conceptual skills, with an ability to quickly understand concepts and translate them into meaningful information
• Advanced change management skills
• Advanced prioritization skills
• Strong attention to detail and organizational skills
• Advanced planning skills (re finance, resource, strategy, business)
• Expert risk management skills
• Advanced influencing skills
• Advanced stakeholder relationship management skills
• Advanced facilitation/ presentation skills
• Knowledgeable of Capital Market, Personal & Commercial, Wealth Management product and service
• Knowledgeable of systems, network and infrastructure that execute/support Capital Market, Personal & Commercial, Wealth Management product and service
 
To apply, submit your updated resume ona.ravi@maxsys.ca

Candidates must be present in Canada with a valid work permit to be able to apply for this role.
 

Position Type Contract
Application Deadline July 3, 2019
Experience Required 10+ years
Job Duration 6 months
Education Required Bachelors