The opportunity :
Please note : the preferred location for the position is or Waterloo, ON, Richmond Hill, ON or major US office locations.
Working in the Global Information Security team, the Governance and Risk Analyst will be expected to understand a wide array of IT security controls, processes and concepts.
The Governance and Risk will provide extensive effort researching and writing security policies, understanding data protection strategies, and organizing policy documentation for the entire organization.
The role will also be required to apply risk review concepts in support of audit controls for Fed Ramp Compliance and in support of control frameworks for ISO27001, SOC1, and SOC2 on the Open Text Commercial platforms.
This is a hands-on role that will require detailed knowledge of Fed Ramp compliance, security concepts, governance models, commercial platform processing, risk models, security controls, security audits and other common IT and security domain concepts.
You are great at :
Leading efforts on behalf of the Global Information Security (GIS) team to service and support governance and risk management initiatives
Applying security policy and risk assessments to Open Text business units
Managing security vendors and vendor contracts on behalf of GIS
Managing the organization security communications program
Synchronizing complex policy clauses with other Information Security requirements regarding audit / compliance and risk management
What it takes :
Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
5+ years in security compliance, risk and governance
Detailed knowledge of Fed Ramp compliance requirements, security requirements, and controls
Strong inter-personal skills are required to work across multiple internal teams and to handle customer interface meetings on security related topics.
Ability to write clear and concise polices and communications that are easily consumed by a large target audience
Familiar with commonly used information security concepts, best practices and standard procedures
Knowledge of security controls, and governance and risk management frameworks
Capable of working under pressure in a continually changing environment
Is resourceful in knowing how to research requirements and find information for documentation purposes
Strong knowledge of Open Text Commercial products and solutions is helpful
Audit framework knowledge for ISO27001, SOC1 & SOC2 desired
Strong written and verbal communication skills
Ability to work alone with minimal supervision effectively and efficiently
Ability to participate in key proactive security programs.
CGEIT, CISA, CISM, CISSP, or other IT certifications preferred