IT Risk & Compliance Analyst 2

1 Robert Speck Pkwy, Mississauga, ON L4Z 2G5, Canada

About Symcor

Symcor enables secure data exchanges and supporting business processes, to help clients succeed in an evolving digital world. Trusted by Canada's largest institutions for over 25 years to support their digital transformations, Symcor aligns industry participants to solve common challenges in the most effective and efficient way. Our goal is for every employee to feel valued and accepted as part of the team and connected to Symcor and our values, fostering a sense of belonging. Symcor is an equal opportunity employer and is committed to providing an accessible recruitment process. If you need accommodation for the interview process, just let us know!
#youbelonghere

Executes the design, management, implementation and monitoring of the IT Risk and Compliance program at Symcor, and audits/client assessments to ensure compliance with Symcor, Regulatory and client requirements. Works with various stakeholders for mitigating and managing IT risks. Executes on enterprise-wide technology controls through control design and effectiveness testing. Maintains and monitors IT Risk and Control governance and compliance related processes, procedures and controls to improve the IT control environment, in accordance with Symcor’ IT Compliance Framework, IT Risk Policy and Information Security Policy.

This is a hybrid role with requirements to be on site 3 days a week, providing a balance between remote flexibility and in-person collaboration.

About The Role:

• Execute the design, management, implementation and monitoring of Symcor’s IT Risk and Compliance program to manage risk in accordance with Symcor’s policies and procedures and within Symcor’s risk tolerance level and client MSAs requirements. Assist in development of risk mitigation plan to mitigate/eliminate any identified risk.
• Conduct IT risk assessments as per Symcor’s IT Risk Policy and risk assessment reports
• Under the guidance of manager and/or senior IT Risk and Compliance analysts, prepare and evolve periodic IT Risk Management Reports, including Risk Profiles, KRIs, KPIs and dashboards for all technology domains, to management.
• Assist in annual security planning by maintaining the risk register and by providing analysis of trending related to KRI's.
• Perform ongoing review risk trends and report (as required) to applicable information custodians and manager.
• Track and report completion of action plans; provide status update to manager/information custodians on completion of action plans.
• Participate in the development, review, maintenance and implementation of policies, frameworks and standards, including Information Security policy, IT Risk policy, Information Security standards and IT Compliance Framework to ensure IT compliance and governance and effectively manage IT risk for Symcor and clients.
• Participate as IT representative to interface with Internal & External Audit, Assessors, Vendors and Client as per guidance provided by manager and/or senior IT Risk and Compliance analyst.
• Interface with the client, external third-party assessors and internal auditors to organize reviews/audits.
• Collect, review and organize evidence in preparation of the client/external internal audit compliance review meetings.
• Review the client/external/internal audit assessment reports and solicit responses/management plans from relevant internal teams.
• Communicate the management responses to the applicable external/internal reviewers.
• Participate in the design, development, execution/testing and monitoring of IT controls to identify gaps and ensure compliance with Symcor IT policies, procedures and standards.
• Assess risk associated with control gaps and assist in engaging management and key stakeholders to develop and implement remediation plans within established timeframes based on the risk identified.
• Prepare and evolve periodic IT compliance management reports and dashboards.
• Communicate testing progress reports (as required) to applicable control owners, and manager.
• Assist in the design, development, and roll out/facilitation of the information security awareness training program in collaboration with HR to educate Symcor employees and raise awareness regarding information security and IT risk.
• Provide updates to manager regarding the effectiveness and maturity of Symcor’s information security program, including external and internal security trends and IT risk posture.
• Provide timely delivery and support to Information Security Operations team, as assigned to ensure control effectiveness for applicable processes.
• Execute firewall rule review and approval process.
• Monitor data leakage prevention and follow-ups.
• Review and manage privileged id request and approval.
• Coordinate execution of internal and external penetration testing.
• Review and approve SSL Certificate for internal and external clients.
• Assist in the review of policies and procedures, architecture diagrams, solution designs document and other similar documents and provide input/feedback from IT Risk and Compliance perspective.

What You Need to Succeed:

Education:

• Completion of a post-secondary college diploma or university degree in a related discipline or a combination of education, training and experience deemed to be equivalent.
• CISA, CISSP, CISM, CRISC, CIA, CGEIT or similar active certification

Experience:

• Must have at least 3+ years of experience in IT Security, IT Risk. IT Audit and/or IT Governance field.
• Strong knowledge and/or prior experience in the financial services industry.

Skill requirements

• Strong knowledge of regulatory and industry standards such as PCI DSS, ISO27002, COBIT, Trust Services Principles and other security/IT governance specific industry frameworks.
• Experience working with GRC Tool.
• Awareness of IT Risk and Compliance trends in the industry and with 3rd party vendors.

What’s In It For You

At Symcor, we define our success by what we help others achieve. We were created to support our clients and, through our products,services,and solutions, protect and strengthen their brands. We care about each other, reaching our potential, making a difference to our communities, and achievingsuccessthat is mutual.

• A comprehensive Total Rewards Program that includes a competitive compensation package, flexible benefits and time away options, retirement and savings plans and a commitment to your overall health and well-being through our myWell-being program.
• Leaders who support your development through coaching and managing opportunities.
• Ability to make a difference and lasting impact.
• Opportunities to do challenging work and progressively take on greater accountabilities for growth.
• We foster an inclusive atmosphere of One Symcor with our philosophy of +1 Unique You, we harness each employee’s uniqueness, different skills, backgrounds, and perspectives to contribute to mutual success. It is the diversity of our people and the inclusive environment that has been and will always be key to Symcor’s success.

Symcor is an equal opportunity employer and is committed to providing an accessible recruitment process. Upon request, we will provide accommodation for candidates.

1 Robert Speck Pkwy, Mississauga, ON L4Z 2G5, Canada