Cyber Risk Analyst

On behalf of our client, Affinity is seeking a Cyber Risk Analyst to assess and manage cybersecurity risks across various projects. The ideal candidate will have a strong understanding of risk management frameworks and be responsible for conducting cyber risk assessments, identifying vulnerabilities, and implementing mitigation strategies. Additionally, this role will play a key part in facilitating risk management best practices within the organization.

 Responsibilities:

• Conduct cyber risk assessments across internal and external projects to identify security risks and vulnerabilities.
• Evaluate and assess the effectiveness of security controls, ensuring alignment with industry-standard frameworks (e.g., NIST, ISO 27001, COBIT, CIS).
• Champion the Three Lines of Defense Model for risk management, acting as a Second Line of Defense facilitator while regularly engaging with the First Line of Defense to ensure cyber risks are understood.
• Work with operational teams to ensure business assets (e.g., data, hardware, software, systems, facilities, services, people) are identified and managed appropriately relative to organizational objectives.
• Conduct security assessments of internal systems, applications, and IT infrastructure as part of the overall risk management practice.
• Perform application reviews to identify security flaws or other issues affecting confidentiality, integrity, or availability.
• Collaborate with the privacy officer to document data flows of sensitive information (e.g., PII) and recommend appropriate security controls (e.g., encryption, tokenization).
• Assess, document, and track exceptions to policies and standards (risk acceptance).
• Identify and implement improvements to organizational cybersecurity risk management processes, procedures, and activities.
• Monitor and report on the effectiveness of cyber risk management controls and key risk indicators (KRIs).
• Prepare and deliver risk assessment reports, documenting findings and recommending risk mitigation strategies.
• Assist in incident response and remediation efforts to mitigate identified risks.
• Provide actionable recommendations to reduce risk exposure and improve the organization’s overall security posture.
  
  

Qualifications:

• Minimum of 5 years of experience in cybersecurity, IT risk management, or a related field.
• Strong knowledge of cybersecurity principles, risk mitigation strategies, and risk assessment methodologies.
• Familiarity with risk management frameworks (e.g., NIST, ISO 27001, CIS, COBIT).
• Experience in conducting risk assessments, mitigation planning, and critical supplier assessments.
• Relevant certifications such as CISSP, CISA, CRISC, or equivalent are preferred.
• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field.
• Strong analytical, problem-solving, and organizational skills.
• Excellent communication skills, with the ability to present findings to both technical and non-technical stakeholders.
  
  

Affinity Earn:

Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/

About Affinity:

Affinity Group is a technology and business consulting and services company. We believe in creating long term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.

For more information on Affinity, please visit www.affinity-group.ca

Job Number: 11858