WELCOME TO SITA
We're the team that keeps airports moving, airlines flying smoothly, and borders open. Our tech and communication innovations are the secret behind the success of the world’s air travel industry.
You'll find us at 95% of international hubs. We partner closely with over 2,500 transportation and government clients, each with their own unique needs and challenges. Our goal is to find fresh solutions and cutting-edge tech to make their operations run like clockwork. Want to be a part of something big?
Are you ready to love your job? The adventure begins right here, with you, at SITA.
ABOUT THE ROLE & TEAM
Supporting the cyber security risk management Team Leader, the Cybersecurity Senior Risk Analyst will contribute to the IT risk management practice within the SITA EISO team by maintaining and enhancing the IT risk management framework, managing IT exceptions, and supporting third-party vendor risk assessments and monitoring.
As part of the second Line of Defense (2LoD), the Senior Risk Analyst will also support business and IT projects and collaborate with IT operations teams to assess risks and make objective recommendations to mitigate them.
WHAT YOU WILL DO
- Maintain and improve the IT security risk assessment framework.
- Provide an objective review of the IT security risks and mitigating controls identified and documented by the business, and support the risk owner in reaching a decision.
- Maintain a register of IT risks throughout their lifecycle.
- Maintain and improve the third-party vendor risk assessment methodology.
- Carry out security posture and level-of-assurance reviews of third parties, document the assessment evaluation, and present the results and recommendations to the business owner.
- Manage and maintain the security exception handling process, including review of the exception request, risk approval and tracking of the resolution with the exception owner.
- Produce and report IT risk management KPIs and KRIs on a monthly basis.
- Document findings, analysis, and recommendations in clear and concise reports for both technical and non-technical stakeholders.
- Navigate and work effectively across a complex, geographically dispersed organization.
ABOUT YOUR SKILLS
- 3 to 5 years of information system/cyber risk and control management experience, including risk identification, risk analysis and assessment, risk response and remediation.
- Relevant certification desired: CISA, CISM, CISSP, CIA, CIPP, or related.
- Practical experience of assessing risks associated with third-party suppliers and reviewing assurance documents relating to security and IT controls provided by third parties (e.g. ISO 27001, SOC2 certifications, etc.).
- Practical experience of managing an IT exception handling process.
- Ability to influence and engage with risk owners and senior management.
- Ability to adapt quickly to changing priorities and demands.
- Experience in third party cybersecurity risk management, including third party cyber risk and control assessment, risk monitoring and reporting, and issue management.
- Good learning attitude and attention to detail.
- Ability to communicate in a clear, concise, and persuasive manner to all levels of audience.
- University degree in computer science, management information system, business administration or a related field of study required.
NICE-TO-HAVE
- Experience in IT contract review is considered an asset.
- Working knowledge and/or hands-on experience with information security policy, procedures and standard development and improvement.
- Experience with GRC (Governance, Risk and Compliance) tools such as OneTrust or Archer is considered an asset.
WHAT WE OFFER
SITA’s workplace is all about diversity: many different countries and cultures are represented in our workforce. We collaborate in our impressive offices, embracing a hybrid work format. As part of our global benefits, we offer:
- Flex Week: Work from home up to 2 days/week (depending on your Team's needs).
- Flex Day: You may wish to flex your arrival time at the office to beat rush hours or leave earlier for personal commitments. We encourage open communication with your manager about your needs and routine.
- Flex-Location: Enjoy up to 30 workdays of benefits, anywhere in the world!
- Employee Wellbeing: Benefit from the Employee Assistance Program (EAP) provided by SITA, a yearly free service offering practical advice in various aspects of your life.
- Professional Development: Enhance your skills with our training platforms, inclusive of LinkedIn Learning!
- Competitive Benefits: Access competitive benefits tailored to the local market and your employment status.
SITA is an Equal Opportunity Employer and values a diverse workforce. In support of our Employment Equity Program, women, aboriginal people, members of visible minorities, and/or persons with disabilities are encouraged to apply and self-identify in the application process.