Senior Cyber Security Analyst

About QuadReal Property Group 

QuadReal Property Group is a global real estate investment, operating and development company headquartered in Vancouver, British Columbia. Its assets under management are $85 billion. From its foundation in Canada as a full-service real estate operating company, QuadReal has expanded its capabilities to invest in equity and debt in both the public and private markets. QuadReal invests directly, via programmatic partnerships and through operating platforms in which it holds an ownership interest.

QuadReal seeks to deliver strong investment returns while creating sustainable environments that bring value to the people and communities it serves. Now and for generations to come.

QuadReal: Excellence lives here.

www.quadreal.com

Role Overview
The Senior Cybersecurity Analyst plays a crucial role, working closely with IT, business partners and leadership to help them understand and manage cybersecurity risks while ensuring compliance with organizational policies and standards. This position supports the development of comprehensive, analysis-based cybersecurity risk mitigation strategies aligned with business objectives. This role requires strong communication skills, technical expertise, and a proactive approach to stay ahead of emerging threats and industry best practices.

Responsibilities
The senior cybersecurity analyst will work with internal and external cybersecurity resources, and with business partners to fulfill these responsibilities:

• Periodically assess and maintain an understanding of the overall organization’s cybersecurity posture

• Monitor the organization cyber risk profile and KRIs to proactively identify emerging risks and changes to the profile

• In partnership with the Manager of Cybersecurity, assist in developing and executing the cybersecurity strategy and roadmap aligned with the organization's goals, ensuring the confidentiality, integrity, and availability of information and systems.

• Maintain and improve the cybersecurity third-party risk management process to continuously assess the organization’s third-party cyber risks.

• Develop and maintain risk profile of critical assets, systems and vendors

• Conduct comprehensive risk assessments of new and existing IT and OT vendors, products and solutions to identify gaps and vulnerabilities, and recommend mitigation measures

• Prioritize cyber risks based on potential business impact and likelihood, using quantitative and qualitative risk assessment methods

• Develop and execute risk mitigation strategies aligned with business objectives

• Maintain the cybersecurity risk register, ensuring risks are properly documented, prioritized, mitigated and communicated.

• Ensure that the cybersecurity risks are managed collaboratively with the business and decisions are made on a balanced risk-prioritization basis

• Provide regular reports and updates to leadership on the organization's cybersecurity posture, risks, and mitigation strategies.

• Maintain and enforce cybersecurity policies, standards, and procedures to meet regulatory requirements and industry best practices.

• Assist in the implementation and maintenance of various technical controls, tools, and technology, including SOC operations.

• Participate in investigations and responses to security incidents, breaches, and data loss event under the guidance of senior leadership, when necessary

• Stay up to date with emerging threats, vulnerabilities, and industry trends to anticipate potential risks and recommend appropriate security measures.

• Foster a culture of cybersecurity awareness and compliance throughout the organization

Qualifications

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field.

• Minimum of 5 years of experience in cybersecurity or IT risk management

• Experience working in complex and dynamic environments.

• Strong knowledge of cybersecurity principles, frameworks and standards (e.g., NIST, ISO 27001, PCI-DSS), and regulations (e.g., GDPR, CCPA) required.

• In-depth knowledge of risk assessment methodologies and third-party risk management

• Expertise in risk management, threat intelligence, vulnerability assessments, and incident response.

• Strong understanding of network security, application security, cloud security, and identity and access management (IAM) concepts.

• Familiarity with real estate industry-specific security challenges and solutions is a plus.

• Professional certifications such as CISSP, CISA, or equivalent is preferred.

Personal attributes

• Strong interpersonal, influencing, collaboration and negotiation skills.

• Strong analytical, verbal, and written communication skills.

• Exceptional customer relationship skills, consensus building skills, and ability to establish effective working relationships in a diverse environment.

• Able to prioritize and execute tasks in a high-pressure environment.

Note to Recruiters: QuadReal does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to QuadReal, directly or indirectly, will be considered QuadReal property. QuadReal will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for engaged services to submit resumes.

QuadReal Property Group will provide reasonable accommodation at any time throughout the hiring process for applicants with disabilities or for those needing job postings in an alternate format. If you require accommodation, please advise the Talent Acquisition team member you are working with and include the following: Job posting #, your name and your preferred method of contact.