Business Analyst (Intermediate) – Cybersecurity Risk Assessment

Job Title: Business Analyst (Intermediate) – Cybersecurity Risk Assessment

Location: Calgary, AB (Hybrid)

Estimated Duration: 9 Months

Job Description:
 
Our client is a leader in the responsible development and reliable and safe operation of North American energy infrastructure. They are one of the continent’s largest providers of gas storage and related services.
 
They are currently looking for an Intermediate Cyber Security Risk Analyst for their Calgary, AB location.

Key Responsibilities:
 
• Perform cybersecurity risk assessments based on established cybersecurity risk framework and processes
• Facilitate business impact assessment to support cybersecurity risk assessments
• Communicate cybersecurity risk to business owners and managers
• Report on cybersecurity risk and manage their life cycle with stakeholders
• Drive development, implementation and automation of risk management tools and processes
• Identify and analyze complex business and technology risks
• Recommend cost effective and appropriate risk control to reduce cybersecurity risk
• Enter, update, and maintain accurate risk information within the cybersecurity risk register in accordance with established procedures.
• Conduct research to maintain and expand knowledge on the latest cybersecurity controls and standards, as well as the threat and vulnerability landscape
• Manage and provide cybersecurity risk support to project activities across the enterprise
• Collaborate with the Manager GRCR, GRCR team, other Enterprise Security team members, IS teams and business units on all areas related to cybersecurity
• Other tasks as required
 
Minimum Qualifications:
 
• Bachelor’s degree or technical diploma, preferably in a related discipline such as Computer Science, Information Security, or Computer Engineering
• A minimum of four (4+) or more years of Cybersecurity, Risk Management, or related experience
• Demonstrated understanding of business processes, industry best practices, cybersecurity controls and related standards such as NIST CSF, NIST SP 800 53, and/or ISO/IEC 27001 & 27002.
 
Preferred Qualifications:
 
• Understanding of network architectures, including on-premise, cloud, and hybrid environments.
• Familiarity with common network components and technologies, such as firewalls, routers, switches, VPNs, and network segmentation.
• Proven experience managing risk (preferably cybersecurity risk) for a large enterprise
• Demonstrated strong understanding of the IT security landscape, including emerging risks and security solutions
• Risk management certifications are considered an asset (e.g. CISA)
• ICS/SCADA experience is considered an asset
• Previous work experience and an overall understanding of the energy industry
• Ability to present ideas and results to technical and non-technical audiences in both verbal and written communications
• Excellent problem-solving skills and ability to resolve complex issues and lead intermediate application development projects
• Highly self-motivated with a passion for risk, safety, and cybersecurity
• Strong prioritization skills with an always-on attitude and obsessed with delivering business outcomes