The work of our Technology and Operation (T&O) Risk team is essential to the organization. We are looking for an Associate to support the delivery of information security risk assessments and control reviews for our existing in-house and third-party SaaS applications and systems, including pre-onboarding assessment and third-party security review. The Associate, Cyber & Technology Risk Management role is part of the Information Security & Risk Management group and reports to the Director, Cyber & Technology Risk. This position provides an opportunity to build rapport through engagement with key stakeholders across the organization.
Responsibilities:
- Complete timely security assessments of third-party engagements, vendor controls and network integration to identify, document and communicate key risks and gaps.
- Review contracts to ensure appropriate data security terms are included to protect CPP from data and content security risks.
- Perform risk assessments on critical systems, applications and networks to identify control gaps and vulnerabilities and recommend corrective actions or countermeasures. Raise issues in the Issues Management system and work with the business for timely completion of the recommended actions.
- Collaborate with the business and security architecture team to gauge the current state and target state architecture, future developments and critical change; identify and document the risk exposure and mitigation plans; and track remediation.
- Lead and support the cyber and technology projects, managing multiple deliverables simultaneously and dynamically prioritizing in alignment with the changes in the technology and business environment.
- Maintain and evolve active partnership with Technology & Operations, Operational Risk, corporate functions and the Audit team to ensure alignment across technology and risk domains.
Qualifications:
- At least 35 years of experience in information security and/or third-party risk management, with experience in a technical setting and expertise in information security review of systems and architecture risk assessment at financial institutions, investment companies or other large industry or public sector companies.
- Strong knowledge and skills in various systems and architecture domains such as cloud computing, network security, web services, data protection, encryption, SDLC, authentication, etc.
- Strong knowledge of cloud-based models (SaaS, PaaS, IaaS) and technologies used to implement controls within these environments, network security, application security and vulnerability management.
- Proficient in using various tools and methodologies for systems and architecture risk assessment and audit such as SOC, NIST, ISO, COBIT, OWASP, etc.
- Report writing and communication skills, being able to structurally document and present the assessment overview, findings and recommendations to both technical and non-technical audiences.
- Detail-oriented individual with organizational, critical thinking, analytical and problem-solving skills; able to maintain a balance between the details and the larger picture.
- Undergraduate university degree, preferably in Technology, and certifications in systems and architecture security and risk management such as CISSP, CISA, CRISC, etc. are preferred.
Additional Information:
At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.
We thank all applicants for their interest, but will only contact candidates selected to advance in the hiring process.
Our Commitment to Inclusion and Diversity:
In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.
Disclaimer:
CPP Investments does not accept resumes from employment placement agencies, headhunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other website job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or website will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.
Remote Work: No
Employment Type: Contract