Cybersecurity Assurance and Governance Senior Analyst

We offer more than a job, we offer a career!

• We support our employees to shape their career by encouraging continuing education and investing in training and development.
• We put our employees at the center of what we do to allow them to grow personally and professionally, with projects and challenges that are motivating and rewarding.
• We inspire people to do what they are passionate about by believing in integrity, respect and recognition of diversity and community support.
• We are a dynamic team where entrepreneurship, innovation and collaboration are at the core of our values.
• We offer competitive salaries and a multitude of benefits starting day one including generous medical and dental coverage, telemedicine, employee and family assistance program, and retirement and savings programs.
• We recognize the importance of work-life balance with our hybrid work program, wellness allowance, and year-round social activities and events.

We are looking for a Cybersecurity Assurance and Governance Senior Analyst to join our team in our Toronto office!

As a Cybersecurity Assurance and Governance Senior Analyst, you will be responsible and accountable for ensuring effective, comprehensive and seamless operations of BFL's cybersecurity assurance and governance practices. The role is aimed to help fulfill business as usual activities/tasks and provide input into long term strategic cyber initiatives alongside ensuring effectiveness of BFL's information security and IT Risk Management Program by assessing, monitoring and improving the effectiveness of cybersecurity and IT governance and operational controls.

If you are career-minded and looking for a dynamic work environment with a growth mindset, you will love working among our team!

Your Day as a Cybersecurity Assurance and Governance Senior Analyst

Job Description

• This position will primarily focus on due diligence requests, partnership proposals and third-party risk assessments with oversight from the director.

• Lead our cybersecurity risk assessments for our third parties and provide recommendations to strengthen IT risk posture portfolio.
• Monitor cyber posture maturity and the progress of implementing agreed recommendations for cybersecurity remediations through assessments conducted.

• Support and provide internal insights for the externally conducted assurance activity initiatives.

• Review, in partnership with Legal and Compliance, external contracts to identify and notify the IT leadership of potential IT risks to operations, data, systems or clients, etc.
• Maintain visibility and provide reporting on cybersecurity and IT risk posture of third parties and overall portfolio.

• Help develop, operationalize and provide progress reporting on Cyber Control revamp of Third-Party Assessment Plan.
• Help build a trust center for security related responses by enabling a standardized approach regarding due diligence, strategic partnerships, and third-party assessments.

• Build monthly relevant internal cyber hygiene and security awareness program reporting (automation) using vendor tools based on changing priorities.

• Maintain the log of control gap findings log, track progress to resolution and provide regular status reporting on remediation efforts.

• Participate and provide input into the development of the Cybersecurity Roadmap.

• Continuously evaluate emerging and potential security threats and recommend appropriate risk management treatments and controls to adequately enhance cybersecurity control effectiveness and IT risk posture.
• Develop and enable operationalization of the approved cybersecurity governance framework (GRC) requirements, control, processes and artefacts aligned to industry best practice (e.g. ISO, NIST, SOC, CIS, CMMC, Bill 64, etc.) recommendations as suitable for the operating environment to strengthen IT risk posture and operating cybersecurity framework.
• Build trust, understanding and rapport with various stakeholders to ensure Cybersecurity Training and Awareness Program consistently achieves the approved performance targets.
• Monitor and recommend enhancement to Cybersecurity Training and Awareness Program performance metrics.
• Develop Cybersecurity and IT Risk Management governance framework metrics (e.g. IT Risk Appetite Statement, risk assessment criteria, KRI's, KPI's, thresholds, SLA's, etc.).
• Other additional miscellaneous duties and ad hoc requests that come in from a cyber standpoint and special projects as required.

Our Ideal Candidate

• Bachelor's/Master's degree in Computer Science, Engineering, Business Administration or a related field.
• Minimum of 3-5 years of experience in information and cybersecurity, IT Third Party Risk Assessments, Governance, IT audit, IT solutions, regulatory and compliance.
• Demonstrated knowledge within the insurance industry an asset.
• Knowledge/ability to leverage various cybersecurity tools (CrowdStrike, Security Scorecard, etc.) to provide a snapshot of current vulnerabilities/threats.
• Ability to hit the ground running and demonstrated expertise in maintaining the highest level of confidentiality when conducting cybersecurity and IT risk and control assessments and gap analysis advising on risks, threats, vulnerabilities, and making recommendations for risk mitigation and cyber posture improvements.
• Solid working knowledge and practical experience implementing and maintaining operational controls aligned with globally recognized information security frameworks and standards such as the ISO 27001, NIST, CIS, PCI DSS, SOC, MITRE, Bill 64, etc.
• Demonstrated expertise in developing, operationalizing and monitoring cybersecurity and IT risks and controls in all categories of cybersecurity discipline.
• Cyber Security Certification, such as CISSP, CRISC, CERP, CTPRA, CTPRP, CISM, CISA an asset.
• Exceptional oral and written communication, presentation, critical thinking, problem solving and analytical skills with the rare ability to pay attention to details while maintaining a strategic and pragmatic approach.
• Effective relationship building and collaboration skills. Role model in cybersecurity discipline and practices.

Who we are

Founded in 1987 by Barry F. Lorenzetti, BFL CANADA is one of the largest employee-owned and operated Risk Management, Insurance Brokerage, and Employee Benefits consulting services firms in North America. The firm has a team of more than 1300 professionals located in 27 offices across the country. Our employees have free rein to demonstrate their creativity, leadership, and entrepreneurial skills since we believe in each one of them. BFL CANADA is a founding Partner of Lockton Global LLP, a partnership of independent insurance brokers who provide Risk Management, Insurance and Benefits

Our Toronto office is located in beautiful downtown, in the core of the Financial District. Easily accessible by public transit, our office is close to a plethora of top-notch restaurants, ideal for enjoyable lunches or drinks after work.

Let's stay in touch: follow us on LinkedIn to get privileged access to our activities and see our other job opportunities.

Visit our website to learn more about us: www.bflcanada.ca

We welcome and encourage applications from people with diverse abilities. BFL Canada is committed to fostering an environment that is diverse, equitable, inclusive, and accessible to all. The diversity of our talents enables innovation and creativity through diverse backgrounds, different thinking, and unique knowledge. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Offers of employment at BFL CANADA are conditional upon satisfactory results of background verifications.

#LI-Hybrid