Job ID: COT-2023-12
Job Title: Senior Specialist Risk Management
Division: Office of the Chief Information Security Officer
Reports To: Manager Governance, Risk & Compliance
Salary Range: $122,000 to $158,105
Work Location: 55 John Street, Toronto
Job Type: Permanent Full Time
Shift Information: Monday to Friday, 35 hours work week
Risk Assurance is the internal process or methodology the Office of the CISO (OC) employs to create ‘checks’ within the City of Toronto’s governance and risk frameworks. The main focus of the risk assurance practice is to ensure that cyber risks are effectively managed. The role implements and oversees the Governance, Risk & Compliance programs and socializes risk management principles across the organization to promote awareness and effective management of cyber risks.
In this role, the Senior Specialist Risk Management will ensure that all risks identified during risk assessment processes are assigned to risk owners, and that Risk Treatment Plans (RTPs) are developed and signed by key stakeholders. In addition, RTPs are monitored, control owners are identified, and control effectiveness is addressed. Further, the Senior Specialist Risk Management will work with key cybersecurity partners such as the City’s Internal Audit Division, Technology Services Division, and Auditor General’s Office to close cybersecurity-related audit findings effectively.
- Implement a cyber risk management strategy for the organization.
- Implement the City’s Cyber Risk Management Framework.
- Define and quantify the organization’s risk tolerance for cyber-related risks and ensure the risk approach adheres to it.
- Design and implement the NIST framework within Divisions, Agencies & Corporations.
- Test the implementation of Risk Treatment Plans within Divisions, Agencies & Corporations.
- Facilitate and coordinate the response to, and closure of, audit findings.
- Schedule regular assessments and testing of the effectiveness and efficiency of controls, and create GRC reports.
- Assess and implement the information security controls and procedures required to protect the confidentiality, integrity, and availability of information.
- Build collaborative and productive working relationships across the organization to establish, maintain, and continuously improve cyber risk management capabilities and to promote risk awareness and intelligent risk-taking.
- Support Third Party Risk Management activities.
- Develop artifacts to support the implementation of a risk assurance program.
- Post-secondary degree in Business, Technology, or a related discipline.
- Over six years of experience in Risk Management, primarily focused on Risk Assurance/IT audit practices.
- Knowledge of the elements of risk, including vulnerability, threat, likelihood, impact, mitigation, and remediation.
- Extensive expertise in Information Security or Governance, Risk & Compliance (GRC).
- Extensive experience in conducting third-party assessments, especially of small and medium-sized service providers.
- Must have extensive experience with SOC 2 Type II reports and ISO 27001 certification.
- Experience in conducting PCI assessments or preparing an organization for PCI audits.
- Must have experience developing and implementing cyber policies and standards across an enterprise.
- Must have experience conducting risk assessments based on the NIST Cybersecurity Framework and related standards.
- Preferred certifications (at least two of the following): CISSP, CISA, CISM, CRISC.
- Excellent written and verbal communication skills (comfortable and confident communicating at all levels, including business partners, leadership, and vendors).
- Keen attention to detail and strong organizational skills.
- The ability to lead efficient communication between all project stakeholders, including internal teams and clients.
- Ability to achieve business objectives through influencing and effectively working with key stakeholders.
- Excellent problem-solving skills, with the capability to identify solutions to unusual and complex problems.
- Highly organized, proactive, self-motivated team player who takes the initiative and can work independently.
- The ability to work in a fast-paced environment managing multiple priorities, with proven time management skills.
- Strong analytical skills and the ability to prioritize and multitask.
- The ability to manage multiple initiatives while adhering to strict deadlines.
- Able to work exceptionally well under pressure while maintaining a high level of professionalism.
- Self-motivated person with a desire to go above and beyond assigned tasks.
A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotating shifts and continuous extended hours may be required with little or no prior notice.
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis, as the Office of the CISO handles highly sensitive and confidential information.
EQUITY, DIVERSITY AND INCLUSION
The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.
The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation at any stage of the recruitment process, please make your needs known when contacted and we will work with you to meet them. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.
If this role is of interest to you, please submit your resume to email@example.com.