Our valued client is looking for an Intermediate Governance, Risk and Compliance (GRC) Analyst to ensure that the organization’s information systems are protected by completing technical control reviews and reporting on compliance.
Annual Salary approximately from $83,.00 to $98,.00
This is a 1-year term position with the possibility of extension.
Tasks include:
1. Ensure that the organization's information systems are protected by completing technical control reviews and reporting on compliance
2. Perform information risk assessments and provide guidance on industry best practices and alignment to standard cybersecurity frameworks (ISO, NIST)
3. Monitor and measure overall information security practices across the different technologies and processes
4. Work with the team to update and design new information security policies.
5. Improve information security through security awareness programs, policies, guidelines and standards, as well as through the ongoing integration of information security within business strategies.
6. Contribute to policy writing and building out a vendor management / third party management program
Must have:
7. Eligible for reliability clearance
8. Minimum 2 years of previous experience in a senior GRC and/or audit role. Experience in the IT field is not mandatory but highly desirable
9. Prior GRC experience, such as:
10. Participating in audits, and being exposed to how evidence is gathered
11. Experience with installations and implementation of security solutions across various computing platforms and network infrastructure
12. Experience with management of both physical and logical information security systems
13. Experience with vulnerability assessment, security audits, TCP/IP, intrusion detection systems, and firewalls
14. Experience with weighing business risks and suggesting appropriate information security measures
15. Experience applying IT security policies
16. Experience using a GRC tool
Nice to have:
17. College diploma or certificate in Computer Science, Computer Systems Engineering or a related field
18. Certified Information Systems Security Professional (CISSP) certification or equivalent (e.g., CISA) certification
19. Bilingualism (English/French)
20. Knowledge of ISO, ,, or