Job Information
Risk Management Specialist
Ottawa, Canada 255 Days Ago
Job Category: Computer/IT
Job Type: Full-Time
Posted: 2020-01-09
Job Status
Start Publishing: 2020-01-09
Stop Publishing: 2020-03-09

• Conduct information risk assessments across the enterprise at suitable intervals, ensuring that key risk issues are understood, communicated, and tracked on the risk register
• Work with the Security Compliance & Security Operations teams to ensure an ongoing analysis of information security threats, vulnerabilities, and market trends and to determine potential impact on the organization’s risk posture
• Work with Business Solution Delivery Leads to understand the risk position around key business applications and to address perceived risk shortfalls as appropriate
• Regularly verify that required information security and risk controls are in place, raising audit report findings as non-compliances are found, and driving improvement
• Manage the process to administer policy exceptions, ensuring that they are subject to appropriate controls, both before and after approval
• Own and manage the Information Security Advisory Committee (ISAC)
• Manage the creation and production of timely, accurate, and informative business and IT metrics relating to security
• Utilize the metrics to prioritize key initiatives and respond to negative trends
• Create, manage, and deliver effective information security awareness training to staff, ensuring that this addresses key risk areas, offers insight into staff obligations under policy, and reflects current threats
• Report weekly to management on all outstanding risks and action plans / remediation timeline
• Work with Business Solution Delivery teams to ensure that security controls are incorporated into all initiatives. This includes proper documentation of those controls, which are then certified and accredited
• Develop and maintain security metrics for the security organization
• Work with Business Solution Delivery teams to include open risks in their backlog, allowing them to be prioritized / remediated
• Contribute to external and internal communications and information-sharing in the event of a privacy breach or incident

Critical Skills and Competencies Characteristics


  • Client Management: experienced in effectively interacting and communicating with business partners
  • Security and Risk Management: knowledge of information security and risk control frameworks such as NIST, COBIT, ISO 27001, ITIL, and ISO 31000 is preferred; knowledge of technological trends and developments in the area of information security and risk management
  • Reporting: analytics and data exploration experience and knowledge


  • Academic: undergraduate degree in engineering, computer science, business, or equivalent (required); graduate degree in Business Administration (MBA) (Asset)
  • Certifications:
    • ITIL foundations (Asset)
    • CISSP, CISM, CISA, CRISC, or other information security credentials are an asset


  • 2 - 3 years’ experience


  • Exceptional interpersonal skills, and proven to flourish working in a fast-paced environment
  • Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations
  • Sharp analytic and problem-solving capabilities that go beyond strict technical expertise
  • Broad IT knowledge and strong level of familiarity with a wide range of technologies and IT practices