Senior Business Analyst

On behalf of our public sector client, Affinity is looking for a Senior Business Analyst to work on the modernization of the IT Risk Management Program to improve alignment with corporate strategies and other evolving programs such as cybersecurity. The ideal candidate will be responsible for reviewing existing Risk Management processes within Technology Services and further evolving Technology Services’ Risk Management Program, which involves creating a structured framework to identify, assess, mitigate, and monitor risks that could potentially impact the organization's objectives.Responsibilities:Engage with key stakeholders to identify the objectives and goals of the IT Risk Management Program.Gather and document business requirements of the IT Risk Management Program by performing elicitation and coordination tasks with stakeholders.Review existing IT Risk governance and program documentation, and capture undocumented processes, developing a picture of the current state, including maturity levels across various business capabilities.Help to establish an IT Risk governance framework that will ensure ongoing oversight and management of the IT Risk Management Program.Review IT Risk policies, standards, and procedures, evaluating by industry best practices and regulatory requirements.Complete assessment of current state Risk Management practices across the organization.Identify and implement any short-term opportunities to improve current Risk Management processes.Focus on improving the Divisional Risk Register’s data.Define Technology Services’ Risk Taxonomy.Establish definitions that provide a clear and precise explanation of the meaning of “Risk” versus an “Issue” vs “Workplan Item”.Define Technology Services Hierarchy of Risk Management.Define risk ownership at a Unit Level, Branch Level, or Divisional Level.Define principles and criteria used to define if a risk is managed at a Unit Level, Branch Level, or Division Level (escalation criteria/triggers/measures).Ensure that the Risk Management Program removes silos and supports standardization and mitigation of shared risks across parts of the organization.Define technologies (tools set) to establish a centralized Risk Register & Dashboards to support risk sharing across the organization.Develop educational / training material for Technology Staff related to the Risk Management Program.Ensure that the Risk Management Program captures the right level of data and measures to allow for the integration of risks into organizational decision-making.Define monitoring and/or compliance processes and/or procedures that ensure the organization is following the established Risk Management Program practice and identify areas to improve efficiency, effectiveness, and benefit realization.Qualifications:A University degree in Computer Science, Business Administration, a related discipline, or certification in Information Technology from a recognized community college. An equivalent combination of education and experience may be considered.Five (5) years experience as a senior business analyst working in Information Technology with a focus on IT Risk Management Programs where the candidate:Has conducted requirements elicitation.Produced a formal document that outlined the scope, objectives, and responsibilities of a risk management program within an organization.Established processes and policies for managing risks and ensuring alignment with the organization’s strategic goals.Excellent communication skills (written and oral) in English.Scored qualifications:5 years of experience with defining and implementing an IT Risk Management Program. The response should reference a project(s) in your resume and touch on your experience with the key components to effectively identify, assess, manage, and monitor risks.5 years of experience in creating and enforcing IT governance policies and procedures and ensuring that they align with organizational goals and risk tolerance.5 years of experience in developing communication strategies to educate staff about IT risks and best practices, and to communicate risk management strategies to stakeholders.5 years of experience with ongoing monitoring, auditing, and reviewing of IT risk management practices to ensure they remain effective and relevant.5 years of experience with risk assessment methodologies and frameworks such as ISO 27001, FAIR (Factor Analysis of Information Risk), NIST, or COBIT.Current certification from a recognized professional business analysis association.Experience working in or for the public sector in Canada.About Affinity:Affinity Group is a technology and business consulting and services company. We believe in creating long-term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided based on qualifications, merit, and business needs.For more information on Affinity, please visit www.affinity-group.ca.Job Number: 11113 #J-18808-Ljbffr