20 hours ago

Information Security Risk Management Analyst

Vancity

On Site
Full Time
CA$105,000
Vancouver, BC

Job Overview

Job Title: Information Security Risk Management Analyst
Job Type: Full Time
Offered Salary: CA$105,000
Location: Vancouver, BC

Job Description

Our Story & Purpose

We’re Vancity, a member-owned credit union built on the principles of inclusion and social justice. Since 1946, our relentless commitment to these values has helped us challenge the status quo and break down barriers. We’ve made bold commitments to become net-zero by 2040 across all mortgages and loans, and we’re actively pursuing strategies in Indigenous banking and financial resilience for our members.

As the largest private sector Living Wage Employer in Canada, we’re proud to be consistently recognized as one of the country’s Top Employers. If you’re ready to join our team of 2,700 diverse individuals, access competitive rewards and benefits, and be part of a greater movement - apply today!

Your Role in Supporting Our Members

As an Information Security Risk Management Analyst, you will elevate existing risk management practices and processes. As a member of the Information Security Compliance team, you will play a crucial role in identifying, assessing, and mitigating information security risks.

This is a permanent, full-time role with hybrid working arrangements, which can be fulfilled primarily from the Vancity head office location and your Lower Mainland-based home office. Periodically, you’ll be required to attend in-person activities or events.

How You'll Make an Impact

  • Assist the Senior Manager, Information Security Compliance in developing and implementing a strategic approach to information security risk management across people, process, and technology.
  • Lead the development and maintenance of Information Security risk and governance KPIs, KRIs, and SLAs. Assist with metrics creation and reporting.
  • Provide reporting on the status of information security risks to leadership and stakeholders.
  • Participate in third-party and supply chain cybersecurity risk assessments.
  • Maintain the IT risk register on the GRC platform (OneTrust, AuditBoard).
  • Perform Security Threat Risk Assessments of all new projects and technology implementations.
  • Develop and maintain IT and Security Risk Assessment processes and documentation.
  • Advise various teams on risk mitigation and compensatory measures to reduce risks to acceptable levels, using knowledge of Vancity policies, technologies, standards and industry best practices.
  • Foster a risk aware culture across the organization.
  • Other duties as assigned.

What You’ll Bring to the Team

  • A bachelor’s degree or equivalent in Computer Science, Business, or a related field.
  • 3-5 years of progressive experience in information security risk management, preferably in a mid-sized corporate organization or a financial institution.
  • Information Security Certifications in one or more of the following are desirable: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM).
  • In-depth understanding of risk management frameworks such as NIST RMF, NIST AI-RMF, ISO 31000, FAIR, and ISO 27001.
  • A good understanding of relevant standards and frameworks that apply to the financial services industry, such as PCI, SWIFT, NIST, and OSFI.
  • Strong understanding of regulatory requirements and standards (e.g., OSFI, BCFSA, PIPA, PIPEDA).

You’ll Thrive Here If You Are

  • An exceptional communicator - you are comfortable communicating with stakeholders across different levels of the organization. You demonstrate confidence and provide highly specialized technical expertise and advice.
  • Flexible - You have a willingness to work in a highly flexible environment with multiple competing priorities.
  • Organized - Good multi-tasking skills and the ability to prioritize work based on risk and business needs.

We value lived experience, so if you are interested in this role, we encourage you to apply even if you feel your skills don't perfectly align with those listed.

What You’ll Earn

This role offers a salary range of $92,700 to $115,000. The base pay offered may vary depending on factors such as relevant qualifications, skills, previous experience, and internal equity. As part of our total rewards package, employees may also be eligible for our annual incentive program, subject to program eligibility requirements.

Why You’ll Love Working Here

A career at Vancity is more than just a job: you’re joining a tradition of change-makers who are creating lasting change for our communities. Beyond base pay, we offer a comprehensive total rewards package to ensure our employees are empowered to thrive:

  • Living Wage Employer: We’re the largest private-sector Living Wage Employer in Canada and consistently ranked among Canada’s Top Employers.
  • Customizable Benefits: Permanent employees receive flexible benefit packages that can be tailored annually to meet evolving needs.
  • Generous Vacation: New employees start with 3-4 weeks of vacation per year, with additional days earned over time.
  • Extra Stat Holidays: In addition to BC’s 11 statutory holidays, we offer 2 extra days, plus care days for personal or family illness.
  • Immediate Health Coverage: Health and dental benefits begin on your hire date, with three levels of coverage to choose from.
  • Defined Benefit Pension: Our retirement plan provides a guaranteed income for life, recognizing that retirement looks different for everyone.

Vancity Talent Programs

Vancity supports an inclusive hiring process for candidates who self-identify as Indigenous, Black, or Trans. With special permission from the BC Human Rights Commissioner, this initiative provides access to career development opportunities, prioritized job screening, and feedback. Any information you choose to share will be stored securely and used only for recruitment and career development connected to this initiative, in line with the BC Personal Information Protection Act (PIPA). For details, please see our dedicated Talent Programs job posting.

This role is an open vacancy, and our hiring process is grounded in fairness, transparency, and inclusion. We are committed to an inclusive, barrier-free and accessible recruitment experience for all candidates. If you require any accommodations or support at any stage of the recruitment process (including the application stage), we encourage you to let us know by contacting our Talent Acquisition team at recruitment@vancity.com. We’re here to work with you to ensure your needs are met promptly and effectively. All requests will be handled with the utmost respect and confidentiality, so you can participate fully in the process.

Key skills/competency

  • Information Security
  • Risk Management
  • Cybersecurity
  • NIST RMF
  • ISO 27001
  • Third-party Risk Assessment
  • GRC Platforms
  • Regulatory Compliance
  • Financial Services Security
  • Threat Risk Assessment

How to Get Hired at Vancity

  • Research Vancity's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, especially their commitment to social justice and being a Living Wage Employer.
  • Tailor your resume for information security roles: Highlight experience with risk management frameworks like NIST RMF, ISO 27001, and FAIR, as well as regulatory compliance (OSFI, PIPEDA).
  • Showcase your communication and advisory skills: Be prepared to demonstrate how you've advised various teams on risk mitigation and fostered a risk-aware culture.
  • Prepare for a hybrid work environment: Emphasize your ability to collaborate effectively both in-office at the Lower Mainland head office and remotely from a home office.
  • Highlight relevant certifications: Mention any CISA, CRISC, or CISM certifications and discuss how they contribute to your expertise in information security risk management.
