Vancity is looking for an Information Security Risk Management Analyst to join our Information Security Compliance team. In this role, you will elevate our existing risk management practices and play a crucial part in identifying, assessing, and mitigating information security risks across the organization. Vancity is a member-owned credit union built on principles of inclusion and social justice.
What You'll Do
- Assist in developing and implementing a strategic approach to information security risk management across people, process, and technology.
- Lead the development and maintenance of Information Security risk and governance KPIs, KRIs, and SLAs.
- Provide reporting on the status of information security risks to leadership and stakeholders.
- Participate in third-party and supply chain cybersecurity risk assessments.
- Maintain the IT risk register on the GRC platform (OneTrust, AuditBoard).
- Perform Security Threat Risk Assessments of all new projects and technology implementations.
- Develop and maintain IT and Security Risk Assessment processes and documentation.
- Advise various teams on risk mitigation and compensatory measures to reduce risks to acceptable levels.
- Foster a risk-aware culture across the organization.
What We're Looking For
- A bachelor’s degree or equivalent in Computer Science, Business, or a related field.
- 3-5 years of progressive experience in information security risk management, preferably in a mid-sized corporate organization or a financial institution.
- In-depth understanding of risk management frameworks such as NIST RMF, NIST AI-RMF, ISO 31000, FAIR, and ISO 27001.
- A good understanding of relevant standards and frameworks that apply to the financial services industry such as PCI/SWIFT/NIST/OSFI.
- Strong understanding of regulatory requirements and standards (e.g., OSFI, BCFSA, PIPA, PIPEDA).
Nice to Have
- Information Security Certifications in one or more of the following: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM).
Technical Stack
- GRC platform (OneTrust, AuditBoard)
Team & Environment
You will be a member of the Information Security Compliance team, reporting directly to the Senior Manager, Information Security Compliance.
Benefits & Compensation
- Compensation range: $92,700 to $115,000.
- Comprehensive total rewards package.
- Customizable flexible benefit packages tailored annually.
- Generous vacation starting at 3-4 weeks per year.
- Extra stat holidays (2 extra days plus care days).
- Immediate health and dental coverage starting on hire date.
- Defined Benefit Pension plan providing a guaranteed income for life.
Work Mode
This role operates on a hybrid model, working from the Vancity head office location and a Lower Mainland-based home office.
We are committed to an inclusive, barrier-free and accessible recruitment experience for all candidates. We provide accommodations and support at any stage of the recruitment process.


