Lead Security Metrics Analyst – Apex Systems Inc Toronto, ON


About the Job

Job Description

Job #: 920641

Lead Security Metrics Analyst

Are you a security metrics analyst with impeccable communication skills? Apex Systems is a large staffing and consulting firm and we are looking for a security analyst to place at our client, a top 5 bank in Canada.

We have open roles for a lead security analyst (5+ years of experience) as well as roles for more junior analysts.

Client: Top 5 Bank

Location: Scarborough

Contract: Full time opportunity

Application Process: Please apply via the medium on which you are seeing this posting. If you encounter technical difficulties submitting your resume, please send a Word version of your resume to Lina at lmaioranoncolman@apexsystems.com. Please reference Security Analyst, Job ID # 920641.

Our client offers a collaborative work environment, competitive compensation, and encourages work/life balance by facilitating work from home.

Job Description:

The Metrics Monitoring Lead is primarily responsible for providing day-to-day leadership and oversight of the 1B Test Validation activities in conjunction with the broader 1B function which facilitates independent periodic review of metrics, risk assessments and testing areas across Technology, GITRM and DG&A.

The Metrics Monitoring Lead will work with the Director, IT Risk Monitoring to execute on independent IT Controls Metrics Validation activities as well as report findings to senior stakeholders and ensure exception and remediation efforts are consistently reviewed and addressed.

Accountabilities:

  • Provides overall leadership in the independent validation of control metrics validation activities.
  • Perform independent review of 1A IT controls metric design, implementation, and breach thresholds.
  • Collaborate with the 1A teams in providing recommendations to adapt metrics to a changing cyber risk environment.
  • Ensures that validation activities cover all appropriate controls.
  • Interacts with appropriate teams to facilitate supporting evidence for validation activities.
  • Conducts detailed reviews in a constructive manner.
  • Consolidates outcomes of the validation activities and report findings to senior stakeholders.
  • Clearly communicate validation outcomes to stakeholders.
  • Demonstrates understanding of business processes and capabilities being validated.
  • Champions and facilitates discussions supporting actions in areas needing improvement.
  • Provide oversight to ensure identified remediation efforts are regularly reviewed and addressed.
  • Actively partners with TBCG, GITRM and DG&A to drive metrics automation.
  • Propose enhancements / solutions that lead to risk reduction.
  • Advises GITRM management of risk issues and/or risk portfolio trends.
  • Cultivates relationships with business leaders, representatives, and other business partners, to ensure that requirements are accepted and well-known (CSA, T&O Risk etc.)
  • Participates in support activities across the broader 1B team activities as needed.
  • Oversees analysts.

Required Knowledge:

  • Possesses a university degree/college diploma in Information Security, Technology or Risk Management or equivalent work experience, and/or 10+ years of experience in IT audit, information security audit or related field.
  • Financial industry experience preferred.
  • Experience performing info security and risk assessments and controls mapping exercises.
  • At least 5 years of overall relevant experience in Info Security, IT Security, IT Risk Mgmt., IT Metrics / KPI / KRI frameworks, and IT Controls governance
  • Solid experience in IT controls mapping amongst multiple authoritative sources, industry standards, and regulatory requirements
  • Experience with Sarbanes-Oxley (SOX) IT general controls (ITGC) testing / re-testing,  test validation, and reporting
  • Working knowledge / experience with designing / developing / operationalizing IT metrics required to measure control and process effectiveness
  • Ability to review, parse, filter, and report on large volumes of IT metrics data using calculations, scripts, pivot tables, macros, etc. in MS-Excel (or similar tool)
  • Ability to review, rationalize, and report on IT metrics using automated tools such as RSA Archer GRC
  • Ability to compile reports for stakeholders such as, ITRM executives, Internal Audit, Technology owners, Application owners, etc.  
  • Possess strong working knowledge across ISO 27001:2. NIST CSF, SOX, CoBIT and ITIL frameworks
  • Strong experience in facilitating periodic testing and validation review of metrics, IS and Technology controls, and DR activities.
  • CISA, CISSP or other related professional security certifications
  • Information technology/security subject matter expert on technical solutions, standards, process, procedures, compliance, risk and awareness.
  • Possesses analytical and problem-solving skills
  • Maintains an awareness of emerging Information Security technologies and industry trends
  • Project management skills a plus

Job Requirements

  • Possesses expert communication skills, both written and verbal
  • Strong collaboration skills
  • Demonstrates expert leadership skills and capabilities
  • Displays high ethics and trust values
  • Ability to operate effectively in a matrix environment


EEO Employer- Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.
