3rd party Cyber Risk Analyst

Apply now »

Date: Sep 17, 2024

Location: Hybrid - Canada, CA

Company: Wawanesa Insurance

Job ID: 8565 


Working Business Language: This role is considered a head-office role and will be required to communicate with internal stakeholders across Canada where the primary business language utilized is English.

Salary: At Wawanesa, salary is only one component of a holistic, comprehensive and competitive offering that we provide to our employees. In addition to salary, full-time and part-time permanent employees are eligible for an annual bonus plan, leave of absence top-up programs and provided with generous vacation time, personal days, premium free benefits and pension plan. 

The salary offered for this role is determined with consideration to various factors, including but not limited to: your work location, local labour market conditions, external market salary data, internal pay equity and the knowledge, skills, experience and anticipated proficiency in the role. The salary offered is estimated to be within the following range: $85, 000 - $120, 000. Candidates with salary expectations outside of the range are still encouraged to apply.

 

About Us
At Wawanesa, we’re proud to offer a hybrid work environment that offers flexibility to our employees in balancing in-office (2 days per week OR 15 hours per week in a Wawanesa office) and remote work. You may work from any of the following locations: Winnipeg, MB; Wawanesa, MB; Vancouver, BC; Calgary, AB; Edmonton, AB; Lethbridge, AB; Toronto, ON; Kitchener, ON; Thunder Bay, ON; Ottawa, ON; Montreal, QC; Moncton, NB; Dartmouth; NS 
 

The Wawanesa Mutual Insurance Company (“Wawanesa Mutual”), founded in 1896, is one of Canada’s largest mutual insurers, with over $3.5 billion in annual revenue and assets of $10 billion (CAD). Wawanesa Mutual, with its National Headquarters in Winnipeg, is the parent company of Wawanesa Life, which provides life insurance products and services throughout Canada, and Western Financial Group, which distributes personal and business insurance across Canada. Wawanesa proudly serves more than 1.7 million members in Canada, and we are home to more than 3,600 employees distributed across the Canadian regions and communities where we operate. We give back to organizations that strengthen communities, donating more than $3.5 million annually to charitable organizations, including over $2 million annually in support of people on the front lines of climate change. To learn more visit wawanesa.com. 


We are currently looking for dedicated, driven, and enthusiastic individuals who thrive in an environment that welcomes change and are looking for an opportunity for diverse experience and advancement on a growing team.
 

Job Overview

Job Overview
Under moderate supervision, the Cyber Risk Analyst supports all aspects of the third-party cybersecurity risk management program through supporting policy, process and framework development and enhancement , third party cyber risk identification, security control assessment, and control gap remediation.  
 
Job Responsibilities

  • Support the work of the Information Security department who is responsible for analyzing and implementing information security & risk management frameworks, policies, standards, and best practices.
  • Perform activities throughout third party cybersecurity risk management lifecycle, including inherent risk assessment, security control assessment, issue management, remediation plan development, and ongoing monitoring.  
  • Perform contract review and participate in contract negotiation to ensure adequate cybersecurity clauses are included 
  • Perform third party cyber security control re-assessment as required, including evaluate relevant attestation reports, such as SOC 2, penetration test report etc.
  • Participate in third party  cybersecurity incident response as required.
  • Provide coaching to junior team members and successfully lead projects/tasks with minimal supervision
  • Act as a trust advisor to offer advice and practical assistance on cybersecurity risk identification, finding remediation, and control design.
  • Assist in developing and monitoring key risk and performance indicators against risk appetite and limits thresholds and report breaches as per policy and framework. 
  • Assist in the development of formal written reports to communicate audit/cybersecurity assessment results to management and make recommendations as appropriate.
  • Liaise, coordinate, and support security control remediation efforts as required.
  • Perform other duties as assigned.

Qualifications

  • 3 to 5 years of information system/cyber risk and control management experience.
  • University degree in computer science, management information system, business administration or a related field of study required.
  • Relevant certification desired: CISA, CISM, CRISC, CISSP, CIA, CTPRP, CTPRA, C3PRMP, CIPP, or related.
  • Good knowledge of IT and cybersecurity control frameworks such as: NIST, ISO27001.
  • Experience in IS risk methodology including risk identification, risk analysis and assessment, risk response and remediation.  
  • Experience in third party cybersecurity risk management, including third party cyber risk and control assessment, risk monitoring and reporting, and issue management.
  • Working knowledge and/or hands on experience with information security policy, procedures and standard development and improvement. 
  • Experience in IT and cybersecurity control audit/assessment and third-party attestation report assessment, such as SOC reporting 
  • Strong organizational and teamwork skills.
  • Demonstrate good learning attitude and attention to detail. 
  • Ability to communicate in a clear, concise, and persuasive manner to all levels of audience.
  • Experience in financial service industry considered an asset. 
  • Experience working in a cyber security risk and control consulting capacity is considered an asset.
  • Experience in IT contract review is considered an asset.
  • Experience with GRC (Governance, Risk and Compliance) tools such as Archer, is considered an asset.

#LI-AT1


Wawanesa is proud to be one of Manitoba’s Top Employers, a Kincentric Best Employer in Canada and a Forbes Best Employer in Canada recognizing an exceptional place to work!


Diversity Equity, Inclusion & Belonging
Wawanesa is an equal opportunity employer and is committed to fostering a diverse workforce that is equitable and inclusive for all. Wawanesa provides equal employment opportunity to all employees and applicants without regard to an individual’s protected status: race/ethnicity, colour, religion, creed, sex or gender, sexual orientation, gender identity or expression, family or marital status, pregnancy/childbirth or related conditions, national origin, disability, military or veteran status, or any other protected status. Disability or medical-related accommodations are available upon request throughout all aspects of the recruitment and selection process. Candidates requiring reasonable accommodations may contact, in confidence, jobs@wawanesa.com.   

If you are interested in this exciting, challenging position with Wawanesa, apply today with your Resume.


All Wawanesa job applicants are subject to Wawanesa's Privacy Policy