Specialist Risk Management

Hybrid
  • Toronto, Ontario, Canada
CA$125,000 - CA$128,000 per year
City of Toronto

Role also includes a 10% Premium paid quarterly; full benefits and pension.

Job description

JOB SUMMARY:

To provide expert guidance, advice, and operational support for the City's cyber risk management program, ensuring robust protection against cyber threats. This role also supports the Chief Information Security Officer's (CISO) mandate, advancing the City's cyber vision and strategy.

Key responsibilities include identifying, assessing, and mitigating cyber risks across the City, its agencies, and corporations. The role involves close collaboration with cross-functional teams to ensure that cyber practices align with industry standards and regulatory requirements.

MAJOR RESPONSIBILITIES:

  • Supports the implementation of a risk management strategy, including the development of supporting methodologies and practices relating to a cyber risk management framework for the City of Toronto.
  • Conducts thorough assessments of potential cyber threats, vulnerabilities, and risks to the information systems and data.
  • Maintains a comprehensive risk register and library, prioritizing risks based on their potential impact and likelihood.
  • Supports remediation roadmaps using NIST frameworks to enhance cyber security maturity of the City’s divisions and its agencies and corporations.
  • Reviews implementation plans for risk remediation.
  • Monitors the effectiveness of existing cyber measures and recommends enhancements to reduce risk exposure.
  • Facilitates and coordinates closure of audit findings.
  • Schedules regular assessments and testing of the effectiveness and efficiency of controls and creates GRC reports.
  • Assesses and implements information and cyber controls and procedures required to protect the confidentiality, integrity, and availability of information.
  • Builds collaborative and productive working relationships across the organization to establish, maintain, and continuously improve cyber risk management capabilities and promote risk awareness and intelligent risk-taking.
  • Develops artifacts to support the implementation of a risk management program.
  • Maintains accurate documentation of risk management processes, assessments, and response activities.

Job requirements

QUALIFICATIONS/CERTIFICATIONS:

  • Post-secondary degree in Business or Technology or a related discipline.
  • Extensive experience conducting risk assessments based on NIST cyber security framework and related standards.
  • Strong knowledge of the elements of risk, including vulnerability, threat, likelihood, impact, mitigation, and remediation, and an understanding of the implications of cyber risk for an entity's ability to achieve its business objectives.
  • Expertise working within an Information Security or Governance, Risk & Compliance (GRC) function.
  • Experience in conducting third-party assessments, especially of small and medium-sized service providers.
  • Experience in scoping, supporting, and reviewing SOC 2 Type II reports and ISO 27001 certification.
  • Experience developing and assisting with the implementation of cyber policies and standards.
  • Preferred Certifications (at least two in the list): CISSP, CISA, CISM, CRISC, CCSP

or