We are looking for a Risk Analyst! Reach out if you are interested and feel free to refer friends/colleagues!
Type of Employment: Contract
Title: Risk Analyst
Term: 6 months contract with extension
Location: Toronto – On-Site
Job ID number: C1282
Brief Description of Duties:
The primary objective of this position is to critically assess the completeness and accuracy of technology and cybersecurity key risk indicators. This involves performing risk assessments, evaluating existing processes, and documenting processes, risks, and controls in the organization’s technology environment. This will be accomplished by partnering with clients, performing comprehensive review of Infrastructure Technology processes, and identifying key issues.
Specific responsibilities for this role are as follows:
- Evaluate the People, Processes, and Technologies that support a key risk indicator
- Review the design and operating effectiveness test workpapers performed by the RCSA team
- Review the processes and controls supporting how data used to calculate the KRIs are sourced, transformed, and reported
- Document end-to-end process narratives
- Use Microsoft Visio or Lucid chart to map out steps in a process
- Ensure documentation meet Manulife’s standard of quality
- Contribute to the growth and success of our ETS Governance & Control Team by adapting to an ever-changing technical environment
- Research, learn, and apply knowledge to keep up with next-generation technologies in the environment and promote credibility with our partners
- Collaborate effectively within the ETS G&C Team, to support several Governance & Control functions that will leverage parent process information and documentation
- Experience in Technology audits (regulatory background, like SOX or SOC)
- Any Risk type of experience.
- Being able to map or test different controls.
- Technical documentation experience
- Technology audit
- Microsoft Visio
- Excel, Powerpoint and Word
- Strong communication skills
- Ability to read and understand query logic (i.e., SQL, Python, e.t.c)
- Strong analytic skills
- Understanding of IT Risk and Controls
- Understanding of cybersecurity and technology risk
- Understanding of IT governance
- Understanding of Enterprise technology and IT infrastructure
- Understanding of NIST Cybersecurity framework
- Strong Data analysis skills
Nice to Have Skills:
- Technology Audit, SOX IT Audit or Technology RCSA experience
- Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, CISA, GIAC, CRISC preferred.
- 3+ years of Technology Audit, SOX IT Audit or Technology RCSA experience
- Experience with reviewing Processes, identifying risks and mapping controls to the risks.
- Experience documenting a process from End-to-End, such that the document becomes a point of reference for internal and external stakeholders.
- Strong understanding of controls, audit and risk management
- Highly analytical with strong organizational and problem-solving skills
- Excellent problem solving, analytical skills, including the ability to hold client meetings, obtain evidence, and properly document workpapers independently.
- Strong understanding of audit methodologies, control test execution, risk, and remediation efforts
- Strong written and verbal communication, ability to effectively collaborate with multiple stakeholders
- Bachelor’s degree related to Information Systems, Computer Science, Information System Auditing
- Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, CISA, GIAC, CRISC preferred