Share this Job
Requisition Number:  6262
Position Type:  Term
Position Length:  18 months (extension / permanent possible)

Ottawa (Downtown), ON, CA

Closing Date:  July 29, 2021, 23:59 EST

Diversity and Inclusion
As one of Canada’s Top 100 Employers, we offer you a superior work environment that allows you to reach your full potential both professionally and personally. We make career growth and professional development a priority. We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce.

Let our team know if you need accommodation or support during the recruitment process due to a disability or other reason. We can provide support in multiple ways, from using this site and submitting your application, right through to the interview process. If you are the successful candidate, you can also discuss accommodation needs when you receive your offer.

Contact to discuss how.

Senior Security Risk Analyst

Take a central role
The Bank of Canada has a vision to be “a leading central bank—dynamic, engaged and trusted—committed to a better Canada.” No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in a diverse and inclusive organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in an environment where we are reinventing central banking, renewing ways of doing business and reinforcing a culture of innovation.


Find out more about the next steps in our Recruitment process


Did you know?
The Security Risk Oversight and Policy (SROP) team is the second line of defense in the Bank’s overall enterprise security risk management universe. The team partners with business stakeholders to oversee risk management practices across all Bank departments. It oversees information security risks, cyber and technology risks, physical and personnel security risks.


What you will do 
The Senior Security Risk Analyst works on the SROP team within the Bank’s Corporate Security Service (CSS) department and performs security risk management activities relating to all the Bank’s critical assets. Following a defined enterprise security risk management approach, the analyst leads security risk engagements and assists Bank business groups in identifying and assessing key risks and controls and recommending appropriate safeguards to protect the confidentiality, integrity, and availability of Bank assets. The incumbent works closely with first line stakeholders and provides guidance based on the results of security risk assessments, security policy, and security testing.

The Senior Security Risk Analyst, you will:

  • develop an in-depth understanding of the Bank’s core functions, business processes, critical assets, and systems which are subject to security oversight activities. Based on this understanding, the senior security risk analyst prioritizes and assesses the effectiveness of security controls and enables departments to deliver on their core mandate, adds value by ensuring secure and safe business operations.
  • plan, lead, and conduct security risk engagements including developing oversight engagement letters, in-depth assessment of security risks and controls, development of security risk registers and writing of security posture reports in clear and concise business language.
  • test the effectiveness of security controls using several testing methodologies including tabletop exercises, site visits and red teaming exercises.
  • provide security advisory services to business stakeholders on completeness and effectiveness of their security controls.


What you need to succeed

  • understanding of security risks and controls in one or more domains of cyber security, physical security and/or information security
  • written and oral communication skills, including experience with presenting to a broad variety of stakeholders
  • business relationship and/or stakeholder management skills including experience with a client-centric approach to service delivery
  • project management experience including planning tasks, managing timelines, and reporting on status
  • ability to work well independently as well as on a team
  • problem-solving, critical thinking, and analytical skills

In addition, the position requires at least one valid security and/or related certification (e.g. CISSP, CISA, PSP etc.).



  • Knowledge of risk management frameworks such as NIST and ISO
  • Knowledge of and experience with Government of Canada information technology security policies, directives, standards and guidelines (e.g., Policy on Government Security, management of information technology security, ITSG-22/33/38, Directive on Departmental Security Management)
  • Knowledge of and experience with Government of Canada Harmonized Threat and Risk Assessment (HTRA) methodology and other security industry standards (e.g., ISO 27001, NIST 800 series, ITSGs, ITIL, PCI)
  • Knowledge of enterprise risk management approaches and practices, including the three lines of defence model


Your education and experience

  • A university degree in business, computer science/engineering, risk management or security.
  • A minimum of six years of progressively more responsible and relevant experience in a combination of security policy analysis, communications, audit and compliance, business analysis, security analysis and/or information technology security, physical and personnel security, travel security, broad infrastructure technology (network, storage, server, etc.), applications and software security, and threat and security risk assessment, working in a public or private security function.
  • An equivalent combination of education and experience will be considered.

What you need to know

  • Language requirement: English and French essential (bilingual) with a minimum starting level of functional (level 4) in second official language. Training may be provided to help reach the required level of fully functional (level 5) in second official language.
  • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Top Secret 
  • You will work remotely from any location within Canada while the Bank operates under mandatory telework. Flexibility for remote work for the duration of the term may be granted.
  • There will be no relocation assistance provided
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
  • In response to the COVID-19 pandemic and further to public health guidelines, preventative measures are being taken to ensure health and safety during the recruitment process. All interviews are conducted virtually.  


We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.


What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider


  • Salaries are based on qualifications and experience and typically range from $85,100 to $106,300 (job grade 17)
  • Depending on performance, you may be eligible for performance pay for successfully meeting (7 to 10% of your base salary) or for exceeding expectations (15% of your base salary). Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health and dental coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Option to join the indexed, defined-benefit pension plan after 24 consecutive months of service


We strive to make our policies, programs and workplace more inclusive, respectful and barrier-free. We encourage applications from women, Indigenous peoples, veterans, persons with disabilities, members of visible minorities and persons of all races, ethnic origins, religions, abilities, sexual orientations, and gender identities and expressions. #LI-POST