University of Waterloo

  • Information Systems Specialist-Security Risk Analyst

    Requisition ID
    Job Category
    5170 - Information Systems and Techno
    Job Status
    Regular Full-Time
    Hiring Range
    $66,605 - $107,901
  • Overview

    The Information Systems and Technology (IST) department at the University of Waterloo provides information systems, technology and services in support of teaching, learning, research and administrative needs across campus. Within IST, the Information Security Services (ISS) group provides a comprehensive set of information security services to the University of Waterloo including security/risk/compliance assessments, security awareness, identity and access management, vulnerability management, network security monitoring, TLS certificates, and incident response.


    ISS has an immediate need for an Information Systems Specialist to provide security risk and compliance support for technology initiatives. The complexity of technologies supported varies widely from small systems supporting specific processes in individual business units or research teams, to complex ERP systems. The successful applicant will work closely with technology staff, functional staff, instructional staff and researchers to navigate security/privacy risk management processes to ensure security risks are managed appropriately within the University of Waterloo’s risk management framework.


    Key competencies for this role include advanced business and systems analysis, risk management, relationship management, organization & planning, communication, and teamwork. The Information Systems Specialist is directly involved in the life cycles of multiple systems, and is involved with other projects and working groups within IST. The responsibilities of this role currently include:

    • Conducting business analysis at the project, department and/or University level to ensure security risks are managed appropriately
    • Reviewing project proposals, RFP responses, and legal contracts to ensure appropriate security controls are in place
    • Compliance management (e.g. PCI DSS, FISMA)
    • Performing security assessments
    • Providing recommendations on appropriate strategies for reducing security risk
    • Development of information security standards
    • Occasional work outside regular business hours


    • University degree (preferably in Computer Science/Information Systems), or equivalent education and experience
    • Must have excellent interpersonal, communication, organizational, research and analytical skills
    • Proven ability to interact with co-workers, clients, and third party vendors with tact and diplomacy
    • Ability to build and maintain positive relationships with colleagues and clients is key
    • Solid understanding of risk management principles as they apply to information systems on a hostile network
    • Experience with departmental and/or enterprise level business analysis is required
    • Working knowledge of two or more of PCI DSS, OWASP, NIST 800-53, ISO 27001/2, CSA CCM, FIPPA
    • Advanced systems analysis skills
    • Understanding of the function and purpose of various security testing/assessment tools including Nmap, QualysGuard, Metasploit, BurpSuite, and AppScan
    • Data management skills (e.g. SQL, Python) an asset
    • Professional certification (such as CISSP, CIRSC, CRM) an asset

