Information Risk Management Analyst -
General Dynamics Canada
General Dynamics Canada - Ottawa, Ontario
General Dynamics Canada provides technology-based electronic systems, systems integration, and in-service support to defence organizations and public security markets in Canada and abroad. As Canada's largest and most established defence systems integrator we have the capacity to take on multi-year projects of strategic national significance, scope and scale, and deliver cost-effective, mission-critical systems.
The Information Risk Management (IRM) Analyst is responsible for monitoring, developing, implementing, maintaining and managing IT security control and monitoring systems. The Analyst is responsible for documenting and ensuring enforcement of controls and identifies evidence collection requirements for the different compliance activities. In addition, the IRM Analyst is responsible for project management assistance activities related to security infrastructure projects.
The IRM Analyst will work closely with functional and business areas to ensure the IT Enterprise solutions are implemented while following the security design, control, and business requirements.
The IRM Analyst will be a member of a dynamic team of individuals who constantly search for creative ways to elevate the capabilities of technology systems to meet business needs while maintaining Disaster Recovery Plans (DRP) and Sarbanes Oxley Act (SOX) compliance, partly by capitalizing on emerging technologies and partly by adapting technologies to the needs of the customer.
- Support IT by collecting and reporting business requirements.
- Provide IT internal audit services to various business units, including application controls reviews, regulatory compliance audits and operational audits, with client value-add recommendations.
- Review processes and apply control and risk assessment to further reduce the work effort required for annual compliance, thus reducing security and SOX compliance costs
- Manage Risk, Compliance and Vulnerability assessment programs, in collaboration with the Information Risk Manager, to ensure that the business meets its compliance requirements
- Review, assess and recommend control improvements on processes
- Responsible for developing Enterprise security architecture risk assessments
- Analyze the vulnerability assessments of network resources and develop remediation plans for the identified risks
- Review audit results and provide recommendations to ensure compliance to regulatory requirements
- Facilitate collaboration amongst various teams
- Responsible for creating and maintaining IT governance policies
- Participate in General Dynamics IRM C4S Arizona and other Business Units knowledge sharing and awareness activities and meetings
- DRP and Sarbanes Oxley Compliance:
- Analyze, recommend and provide leadership in the implementation of technical controls to support and enforce SOX controls.
- Lead monitoring of risk mitigation and coordination of SOX controls with the CIO and the Information Security Officer (ISO), to ensure that all managers are taking effective remediation steps.
- Provide guidance to resource owners and IT staff in understanding and responding to SOX audits.
- Manage deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Report on security compliance levels and security project status.
- Guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
- IT Security Project management:
- Work closely with end users, business technologists and others to understand and prioritize business goals and information needs, and then develop system requirements and design specifications; direct efforts to refine conceptual systems design requirements into the technical design.
- Manage internal and external systems/application development projects within assigned areas from inception to successful implementation:
- Define project objectives, scope and level of effort.
- Develop detailed project plan and schedule; identify the methods, resources and tools required for the project.
- Get projects off the ground, keep them on track and on budget, and resolve issues with customers
- Ensure project compliance to security policies
- Establish standards and procedures for project reporting and documentation.
- Monitor project progress and report against plan
- Confer with project personnel to provide technical advice and to resolve problems.
- Coordinate and respond to requests for changes from original specifications.
- Keep close, direct contact with key end-user representatives to ensure technologies are providing value to customers after project closeout.
- All other duties as required
Required Skills & Abilities:
- Excellent knowledge of operating systems like Microsoft Windows, Unix/Linux, and a wide range of security technologies
- Experience with Enterprise Security Incident Response
- Knowledge and experience with Business Continuity processes
- Knowledge and experience with Disaster Recovery Processes
- Ability to multitask and manage multiple small to large projects in a cross-functional environment; expertise setting and managing customer expectations
- Strong project leadership capabilities and ability to motivate team.
- Exceptional verbal and written communication skills; conceptualizes creative solutions, documents them and presents them to management
- Ability to present and explain technical information in a way that establishes rapport, influences others and fosters acceptance
- Ability to reach out across the organization and collaborate with people at different levels, with diverse needs and agendas
- Solid understanding and experience delivering projects using formal Project Management Institute (PMI) methodology and processes
- Knowledge of common information security management frameworks, such as the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology frameworks
Required Education & Experience:
- Bachelor's degree in computer science, business administration, engineering or a related discipline with an information technology focus; or equivalent related project management experience desirable
- Minimum of four years' experience in IT Infrastructure Security Projects in the areas of OS (Unix and MS Windows), Workstations, Virtualization, Network and Application
- Enhanced Security Clearance is required
- Typically requires a minimum of 11+ years of related experience. At this level, post-graduate coursework may be expected.
Last updated on September 05, 2011