Information Security Risk Management Analyst

About Vancity

Vancity is a member-owned credit union built on the principles of inclusion and social justice. A relentless commitment to their values has helped them challenge the status quo and break down barriers since day one in 1946. They have bold commitments to make Vancity net-zero by 2040 across all mortgages and loans and are pursuing strategies on Indigenous banking and to improve the financial resilience of their members.

Vancity is the largest private sector Living Wage Employer in Canada and has been consistently recognized as one of the Top Employers in Canada. If you’re interested in joining their team of 2,700 diverse individuals and accessing competitive rewards and benefits, all while knowing you are part of a greater movement, then apply today!

About the workplace

The Information Security Risk Management Analyst will elevate existing risk management practices and processes. As a member of the Information Security Compliance team, they will play a crucial role in identifying, assessing, and mitigating information security risks.

This is a permanent, full-time role that will enjoy hybrid working arrangements which can be fulfilled primarily from the Vancity head office location and your Lower Mainland based home office. Periodically, you’ll be required to attend in-person activities or events.

A typical day would involve:

• Assist the Senior Manager, Information Security Compliance in developing and implementing a strategic approach to information security risk management across people, process, and technology.
• Lead the development and maintenance of Information Security risk and governance KPI's, KRI's, and SLA's. Assist with metrics creation and reporting. Provide reporting on the status of information security risks to leadership and stakeholders.
• Participates in third-party and supply chain cybersecurity risk assessments.
• Maintain the IT risk register on the GRC platform (Onetrust, Auditboard).
• Perform Security Threat Risk Assessments of all new projects and technology implementations.
• Develop and maintain IT and Security Risk Assessment processes and documentation.
• Advise various teams on risk mitigation and compensatory measures to reduce risks to acceptable levels, using knowledge of Vancity policies, technologies, standards and industry best practices.
• Foster a risk aware culture across the organization.
• Other duties as assigned.

You have:

• A bachelor’s degree or equivalent in Computer Science, Business, or a related field
• 3-5 years of progressive experience in information security risk management, preferably in a mid-sized corporate organization or a financial institution
• Information Security Certifications in one or more of the following are desirable: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM).
• In-depth understanding of risk management frameworks such as NIST RMF, NIST AI-RMF, ISO 31000, FAIR, and ISO 27001
• A good understanding of relevant standards and frameworks that apply to the financial services industry such as PCI/ SWIFT/ NIST/OSFI
• Strong understanding of regulatory requirements and standards (e.g., OSFI, BCFSA, PIPA, PIPEDA)

You are:

• An exceptional communicator - you are comfortable communicating with stakeholders across different levels of the organization. You demonstrate confidence and provide highly specialized technical expertise and advice.
• Flexible – You have a willingness to work in a highly flexible environment with multiple competing priorities.
• Organized - Good multi-tasking skills and the ability to prioritize work based on risk and business needs

We value lived experience, so if you are interested in this role, we encourage you to apply even if you feel your skills don't perfectly align with those listed.

The salary range for the role is $81,000 to $122,000.

Posting Deadline: Posted until Filled

We offer:

• We are the largest private-sector Living Wage Employer in Canada and have been consistently recognized as one of the Top Employers in Canada.
• Our permanent employees qualify for attractive benefit packages that can be customized and changed each year to meet their evolving needs.
• New employees receive between three to four weeks of vacation allowance per calendar year, and the number of vacation days grows — to a maximum of six weeks per year — as their length of service increases. In addition, full-time, permanent staff may be able to purchase extra days of vacation through our flexible benefits package.
• In addition to the 10 statutory holidays in British Columbia, Vancity provides an additional three statutory holidays. We offer care days for periods of short-term personal illness or emergency family illness, plus opportunities to take unpaid leave for a variety of reasons.
• Our health care & dental benefits offer three levels of health care and dental coverage for you to select from. These benefits will also be effective immediately based on your hire date.
• We understand that retirement means different things to different people and at Vancity we will offer you a Defined pension plan that pays you a retirement income for life.

Please note that all shortlisted candidates for this role will be required to complete a background check which includes employment verification, credit check, and a criminal record check. Vancity is an inclusive and equitable employer and actively seeks to advance racial equity, inclusion and belonging across the organization. Vancity offers required accommodations in all stages of the recruitment process. If you require an accommodation, please advise us, and we will work with you to meet your needs.

Education

• Bachelors or better in Computer Science
• Bachelors or better in Business

Licenses & Certifications

• Cert Info Systems Auditor
• Cert Info Syst Security