Information Security Lead, Banking, Security Delivery and Operations

85996
Oakville, Ontario
Permanent/Direct Hire
2 days ago

Full Time Permanent
Oakville

Lead Role – Security Delivery & Operations

What you’ll do:
The Lead is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments. 
 
You will partner with teams across the organization, including Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management and other stakeholders, to assess cybersecurity risks for the organization, including vulnerabilities, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization. Sounds like a lot? Well, there’s more:
 

  • Be the champion in risk assessment of technologies and processes in the environment, including our digital crown jewels and other compliance impacting technologies and processes.
  • Understand and collaborate with stakeholders for prioritizing and mitigating vulnerabilities identified within the environment through vulnerability assessment, penetration testing, application security testing and/or any other risk assessment activity.
  • Follow up on vulnerabilities, configuration and cloud gaps, and track remediation
  • Help guide the team to further enhance the existing vulnerability management program
  • Connect the dots to improve and enhance risk assessment processes.
  • Assess third-party risk on the use of vendors for day-to-day operations.
  • Provide oversight, reporting, and metrics on risk functions.
  • Anticipate risk and assist owners in building action plans for risk mitigation.
  • Review risk assessments of non-senior team members and peers
  • Validate the operating effectiveness of IT general controls
  • Maintain risk and controls repositories and documentation
  • Provide support for policy exception management procedures
  • Assist with metrics and reporting
  • Be a subject matter expert for the vulnerability management program, application security program, configuration management, and penetration and scenario-based testing

What you bring:

  • University degree or college diploma in technology.
  • Possess one or more professional certifications, such as CISSP, CISM, CISA, CCSP, CRISC etc.
  • Overall 5 to 7 years of experience in information technology and/or information/cyber security
  • Good knowledge and understanding of risks, audits and processes relating to Information/Cyber Security and IT.
  • Excellent communication skills
  • Good documentation and presentation skills
  • Creative thinker who takes initiative
  • Problem solver with the ability to analyze and prioritize to meet business objectives
  • Collaborative team player with superior influencing skills, who builds relationships easily
  • Organized individual who is always seeking to automate or improve efficiency of procedures
  • Creative thinker who is observant to seek new opportunities and perceptive to abstract ideas
  • Goal driven individual to seek out continuous improvement opportunities
  • The ability to take a collaborative approach to build strong relationships and have positive team experiences
  • Good knowledge/understanding and experience of vulnerability and configuration management procedures and how those impact an organization. 
  • Good knowledge and understanding about penetration testing and application security
  • Flexible and dynamic individual who is able to adjust and prioritize accordingly to adapt to business demands and requirements
  • Solid foundation of relevant technical skills
  • Good scripting skills using Python or similar tools
  • Experience with developing dashboards using Power BI
  • Demonstrates behaviors of transparency, accountability, agility and learning from others that will support your success
  • Understanding of and/or experience in risk assessments, including third-party risk
  • Have knowledge of security governance frameworks, policies and standards 
  • Understands principles of security controls testing
  • Audit and/or IT risk management 
  • Knowledge of IT risk and control frameworks: COBIT 5, NIST CSF, ISO 27001, CIS
  • Understand System Development Life Cycle (SDLC) process and agile methodologies
  • Familiarity with Data Privacy and Protection standards (PCI, PII).
  • Basic knowledge of cryptography and encryption algorithms.
  • Good knowledge of identity management controls including Multi Factor Authentication and Single Sign On.

The pay range that the employer reasonably expects to pay for this position is between CA$110.00 and CA$85,000

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Not interested in this position, but know somebody who might be? Check out our Referral Reward Program. Referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures