Typical Day in Role:
• Develop and execute a framework for risk and audit issues management, including the creation
• Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security design documents, threat/risk assessments and data classifications with the owner to ensure that risk is identified and effectively managed.
• Provide first-line subject matter expert advice on the Bank's pervasive information security standards, policies and processes, world-class information security standards and major regulations in the industry.
• Liaise with internal and external security teams, local and international, and participate in reviews that pertain to compliance with Bank and Regulatory IT security controls and guidelines.
• Work with our business line partners to assess risk and avoid deviations from Bank standards, identifying secure solutions where possible. When unavoidable, escalate deviations or risk acceptance requests through appropriate channels.
• You enjoy taking part in initiatives to contribute to the strategic direction for security-related technologies or other controls that need to be put in place to reduce the threat levels to the company.
• You excel at managing vendor interactions to evolve and continually improve the bank’s protection programs.
• You thrive in delivering best-in-class support for all endpoint technologies.
• You are comfortable providing metrics and reports to the leadership teams.
Candidate Requirements/Must-Have skills:
1. 10+ years of working experience as an IT Security Analyst, keeping current with relevant technological change and information security best practices.
2. Recent hands-on experience with cloud security controls and experience in deployments and cloud architecture security.
3. Recent hands-on experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking environments.
4. Strong knowledge of IT infrastructure and data centre processing environments. Knowledge of security technologies such as Identity & Access Management, PKI, intrusion prevention and vulnerability assessments. Knowledge of network security components such as firewalls, routers, intrusion detection and anti-virus software.
5. Strong Microsoft Office software skills, particularly Excel, Word, Visio and PowerPoint.
6. Working knowledge of regulatory guidelines related to the financial industry, such as OSFI.
Nice-To-Have Skills:
• Knowledge of the financial services’ Security Governance Framework (policies and standards) is a strong asset.
• Knowledge of Agile, Lean, Rapid Labs and other accelerated project frameworks would be an asset.
• Security Certifications: CISSP, CCSP, GSEC, CISA, CISM, etc.
Soft Skills:
• Must have advanced verbal and written communication skills in English, especially report writing ability.
• Proven ability to meet deadlines for multiple assignments and adapt quickly to changing priorities.
Education:
• College or university degree in Computer Sciences, Information Systems/Security or technical equivalent