SI935 Information Systems Specialist-Security Risk Analyst

04 Nov
University of Waterloo



The Information Systems and Technology (IST) department at the University of Waterloo provides information systems, technology and services in support of teaching, learning, research and administrative needs across campus. Within IST, the Information Security Services (ISS) group provides a comprehensive set of information security services to the University of Waterloo including security/risk/compliance assessments, security awareness, identity and access management, vulnerability management, network security monitoring, TLS certificates, and incident response.


ISS has an immediate need for an Information Systems Specialist to provide security risk and compliance support for technology initiatives.

The complexity of technologies supported varies widely from small systems supporting specific processes in individual business units or research teams, to complex ERP systems. The successful applicant will work closely with technology staff, functional staff, instructional staff and researchers to navigate security/privacy risk management processes to ensure security risks are managed appropriately within the University of Waterloo’s risk management framework.

Key competencies for this role include advanced business and systems analysis, risk management, relationship management, organization & planning, communication, and teamwork. The Information Systems Specialist is directly involved in the life cycles of multiple systems, and is involved with other projects and working groups within IST. The responsibilities of this role currently include:

- Conducting business analysis at the project, department and/or University level to ensure security risks are managed appropriately
- Reviewing project proposals, RFP responses, and legal contracts to ensure appropriate security controls are in place
- Compliance management (e.g. PCI DSS, FISMA)
- Performing security assessments
- Providing recommendations on appropriate strategies for reducing security risk
- Development of information security standards
- Occasional work outside regular business hours


- University degree (preferably in Computer Science/Information Systems), or equivalent education and experience
- Must have excellent interpersonal, communication, organizational, research and analytical skills
- Proven ability to interact with co-workers, clients, and third party vendors with tact and diplomacy
- Ability to build and maintain positive relationships with colleagues and clients is key
- Solid understanding of risk management principles as they apply to information systems on a hostile network
- Experience with departmental and/or enterprise level business analysis is required
- Working knowledge of two or more of PCI DSS, OWASP, NIST 800-53, ISO 27001/2, CSA CCM, FIPPA
- Advanced systems analysis skills
- Understanding of the function and purpose of various security testing/assessment tools including Nmap, QualysGuard, Metasploit, BurpSuite, and AppScan
- Data management skills (e.g. SQL, Python) an asset
- Professional certification (such as CISSP, CIRSC, CRM) an asset

The original job offer can be found in Kit Job:
