Share this Job

IS Risk Analyst

Date: Apr 4, 2021

Location: Calgary, AB, CA, T2R-0E4 Vancouver, British Columbia, CA, V6J-4Y3 Winnipeg, MB, CA, R3C-3P1

Company: Wawanesa Insurance


Wawanesa Mutual Insurance is one of the largest property and casualty insurers in Canada with $3 billion in annual revenues and assets of more than $9 billion. Wawanesa Mutual, founded in 1896 with executive offices in Winnipeg, is the parent company of Wawanesa General, which offers property and casualty insurance in California and Oregon, and Wawanesa Life, which distributes life insurance products and services throughout Canada. With over 3,500 employees, Wawanesa proudly serves over two million policyholders through nine regional offices and 41 service offices in Canada and the United States.  Wawanesa actively gives back to organizations that strengthen communities where it operates, donating well above internationally recognized benchmarks for excellence in corporate philanthropy.
We are currently looking for dedicated, driven, and enthusiastic individuals who thrive in an environment that welcomes change and are looking for an opportunity for diverse experience, advancement on a growing team.


Job Overview

Under moderate supervision, the IS Risk Analyst supports all aspects of the information systems and risk management program through supporting policy and framework development, third party risk management and IS risk identification and assessment


Job Responsibilities

  • Support the work of the IS Risk department who is responsible for analyzing and implementing IT Security & Risk Management frameworks, policies, standards and best practices.
  • Maintain and enhance documents, procedures, and processes.
  • Assist in enhancing the existing third-party information security risk management program, including policies and standards, risk model and security questionnaires. 
  • Perform third party risk assessment, including inherent risk assessment, control assessment, finding evaluation and issue management. 
  • Assist in developing and monitoring key risk and performance indicators against risk appetite and limits thresholds and report breaches as per policy and framework. 
  • Act as a trusted advisor to offer internal consultancy advice and practical assistance on information systems risk and control matters throughout the organization.
  • Coordinate and carry out information systems and cyber security risk assessment activities, and prepare reporting and presentations as required.
  • Supports and coordinates internal and external audits for the areas of IT Security and Risk Management.
  • Assist in the development of formal written reports to communicate audit results to management and makes recommendations as appropriate.
  • Perform other duties as assigned.


  • 3 or more years of information system risk and control management field.
  • University degree in computer science, management information system, business administration or a related field of study required.
  • Relevant certification desired: CISA, CISM, CRISC, CISSP, CIA, CTPRP, CTPRA, C3PRMP, CIPP, or related.
  • Solid working knowledge of IT control frameworks such as: NIST, ISO270001, COBIT.
  • Experience in IS risk methodology including risk identification, risk analysis and assessment, risk response and remediation.  
  • Experience in third party information security risk management, including third party risk management program development and third party risk assessment. 
  • Experience in developing and managing key risk indicator (KRI) and key performance indicator (KPI). 
  • Working knowledge and/or hands on experience with IT security policy, procedures and standard development and improvement. 
  • Experience in IT control development, IT control audit and SOC 1 or SOC 2 reporting.
  • Strong organizational and teamwork skills.
  • Ability to communicate in a clear, concise, and persuasive manner to all levels of audience.
  • Experience of working in IS risk and control consulting capacity considered an asset.
  • Experience in IT contract review considered an asset.
  • Experience with GRC (Governance, Risk and Compliance) tools such as RSA Archer, MetricStream, or Lockpath considered an asset.



Wawanesa provides its employees with a respectful, challenging and rewarding environment where they can maximize their potential while contributing to the company’s goals. Our employees are provided with highly competitive compensation packages (salaries, generous vacation allowance, leave top up, goal achievement plan, premium free benefits and a pension plan).  Wawanesa provides a stable and rewarding environment for its employees in today’s challenging markets.

If you are interested in this exciting, challenging position with Wawanesa, apply today with your Resume.

Accommodations are available as needed for all applicants.