Security Analyst

We are looking for a Security Analyst! Reach out if you are interested and feel free to refer friends/colleagues!

What can you expect:

Story Behind the Need:

As part of the Information Security and Control (IS&C), Senior Information Security Advisor is providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank’s Information Security Policy. As a Senior Security Advisor within the IS&C – Global Technology Applications – Security Advisory Services team, you will provide a central point of reference and core competency for Information Security. Assisting in the classification and protection of data resources by providing guidance on secure and cost-effective implementation of Bank’s security policies and standards. Providing guidance to design, develop and implement sound risk management controls in accordance with Bank’s standards that assure the Bank’s compliance with industry regulations. Keeping informed and well versed on financial industry regulations demands in different regions based on practical experience. Pursuing security and control process improvements to advance security compliance and improve internal processes.

Candidate Value Proposition:

You will have the opportunity to work in a diverse team, that encourages teamwork, provides learning opportunities and time for knowledge sharing. You will work with and learn from diverse industry leaders, who have hailed from top cybersecurity and technology companies around the world. Opportunity to make a significant impact as you will contribute to achieving the Bank’s regulatory and compliance commitments as well our responsibility and commitment to keeping our customers secure.

Typical Day in Role:

• Develop and execute a frameworks for risk and audit issues management, including the creation Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security design documents, threat/risk assessments and data classifications with the owner to ensure that risk is identified and effectively managed.
• Provide first line subject matter expert advice on pervasive Bank’s information security standards, policies and processes, information security world class standards and major regulations in the industry.
• Liaise with internal and external security teams, local and international, and participate in reviews that pertain to compliance with Bank and Regulatory IT security controls and guidelines.
• Work with our business line partners to assess risk and avoid deviations to Bank standards; where possible, identifying secure solutions. When unavoidable, escalate deviations or risk acceptance requests through appropriate channels.
• You enjoy taking part in initiatives to contribute to the strategic direction for security related technologies or other controls that need to be put in place to reduce the threat levels to the company.
• You excel managing vendor interactions to evolve and continually improve the bank’s protection programs.
• You thrive in delivering best in class support for all endpoint technologies.
• You are comfortable providing metric and reports to the leadership teams.

Candidate Requirements/Must-Have skills:

• 10+ years of working experience as an IT Security Analyst, and keep current with relevant technological change and information security best practices.
• Recent hands-on experience with cloud security controls and experience in deployments and cloud architecture security.
• Recent hands-on experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking environments.
• Strong knowledge of IT infrastructure and data centre processing environments. Knowledge of security technologies such as: Identify & Access Management, PKI, Intrusion
• Prevention, vulnerability assessments. Knowledge of network security components such as firewalls, routers, intrusion detection, anti-virus software.
• Strong Microsoft Office software skills particularly Excel, Word, Visio and PowerPoint.
• Working knowledge of regulatory guidelines related to the financial industry like OSFI.

Nice-To-Have Skills:

• Knowledge of the financial services’ Security Governance Framework (policies and standards) is a strong asset.
• Knowledge of Agile, Lean, Rapid Labs and other accelerated project frameworks would be an asset.
• Security Certifications: CISSP, CCSP, GSEC, CISA, CISM, etc.

Soft Skills:

• Must have advanced verbal and written communication skills in English, especially report writing ability.
• Proven ability to meet deadlines for multiple assignments and adapt quickly to changing priorities.

Best vs. Average Candidate:

• Well developed communication skills are required, and the ability to confidently present ideas and recommendations at formal presentation and conference calls.
• Security Advisory Banking experience.
•  Ability to complete threat risk assessments.