Risk Analyst

We are looking for a Risk Analyst! Reach out if you are interested and feel free to refer friends/colleagues!

Type of Employment: Contract
Title: Risk Analyst
Term: 6 months contract with extension
Location: Toronto – Hybrid 2-3 a week on-site
Job ID number: C1253

Brief Description of Duties:

The primary objective of this position is to critically assess the completeness and accuracy of technology and cybersecurity key risk indicators. This involves performing risk assessments, evaluating existing processes, and documenting processes, risks, and controls in the organization’s technology environment. This will be accomplished by partnering with clients, performing comprehensive review of Infrastructure Technology processes, and identifying key issues.

Specific responsibilities for this role are as follows:

• Evaluate the People, Processes, and Technologies that support a key risk indicator
• Review the design and operating effectiveness test workpapers performed by the RCSA team
• Review the processes and controls supporting how data used to calculate the KRIs are sourced, transformed, and reported
• Document end-to-end process narratives
• Use Microsoft Visio or Lucid chart to map out steps in a process
• Ensure documentation meet Manulife’s standard of quality
• Contribute to the growth and success of our ETS Governance & Control Team by adapting to an ever-changing technical environment
• Research, learn, and apply knowledge to keep up with next-generation technologies in the environment and promote credibility with our partners
• Collaborate effectively within the ETS G&C Team, to support several Governance & Control functions that will leverage parent process information and documentation.

Recommended Skillset:

• Technology audit
• Microsoft Visio
• Excel, Powerpoint and Word
• Strong communication skills
• Ability to read and understand query logic (i.e., SQL, Python, e.t.c)
• Strong analytic skills
• Understanding of IT Risk and Controls
  
• Understanding of cybersecurity and technology risk
  
• Understanding of IT governance
  
• Understanding of Enterprise technology and IT infrastructure
• Understanding of NIST Cybersecurity framework
• Strong Data analysis skills

Requirements: 

• Technology Audit, SOX IT Audit or Technology RCSA experience
• Experience with reviewing Processes, identifying risks and mapping controls to the risks.
• Experience documenting a process from End-to-End, such that the document becomes a point of reference for internal and external stakeholders.
• Strong understanding of controls, audit and risk management
• Highly analytical with strong organizational and problem-solving skills
• Excellent problem solving, analytical skills, including the ability to hold client meetings, obtain evidence, and properly document workpapers independently.
• Strong understanding of audit methodologies, control test execution, risk, and remediation efforts
• Strong written and verbal communication, ability to effectively collaborate with multiple stakeholders
• Bachelor’s degree related to Information Systems, Computer Science, Information System Auditing
• Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, CISA, GIAC, CRISC preferred

Must Haves: 

• Min 2+ yaesr of Technology Audit, SOX IT Audit or Technology RCSA experience
• Bachelor’s Degree required.
• Must be able to think outside the box (within reason) if “What can go wrong” is presented to them.
• Must be adaptable.
• Strong Data Analyst skills and be analytical.

Nice to Have: 

• 3+ years of Technology Audit, SOX IT Audit or Technology RCSA experience
• Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, CISA, GIAC, CRISC preferred.