Senior Information Security Advisor - Scarborough, ON
You will be responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank's Information Security Policy. Specifically, you will provide advisory services to assist in the development and support of sound security strategies and secure control processes to protect the Bank's information and data resources, by:
• Acting as a central point of reference and core competency for Information Security. Assisting in the classification and protection of data resources by providing guidance on secure and cost-effective implementation of the Bank's security policies and standards.
• Representing Information Security in projects, initiatives, mergers and acquisitions. Working with business lines to develop sound strategic and tactical security plans towards the reliable implementation of consistent and secure control processes to protect the Bank. Driving initiatives and supporting business functions to assess security risks and to make informed decisions to protect information assets.
• Leading security due diligence reviews over third-party service providers to determine if implemented security and control practices align with the Bank and industry best practices. Working with the relationship owner and the third party to create and track an action plan for remediation of identified issues.
• Providing guidance to design, develop and implement sound risk management controls in accordance with the Bank's standards that assure the Bank's compliance with industry regulations. Keeping informed and well versed on financial industry regulatory demands in different regions, based on practical experience.
• Pursuing security and control process improvements to advance security compliance and improve internal processes.
Key Job Accountabilities:
- Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security design documents, threat/risk assessments and data classifications with the owner to ensure that risks are identified and effectively managed.
- Where required by risk, lead due diligence reviews over third-party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practice. Work with the relationship owner and the third party to create and track an action plan for remediation of issues.
- Act as a central point of reference and core competency for Information Security, providing first-line subject matter expert advice on classification and protection of data through the Bank's information security standards, policies and processes, and industry best practices.
- Liaise with internal and external security teams and business lines to develop sound strategic and tactical security plans towards the reliable implementation of consistent and secure control processes to protect the Bank.
- Work with our business line partners to assess and ensure compliance with the Bank's standards, escalating risk through appropriate channels.
- Must have a solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and network environments
- Strong knowledge of cloud security controls, cloud computing concepts, and cloud architecture security
- Knowledge of financial services' Security Governance Framework (policies and standards) is a strong asset
- Knowledge of Agile, Lean, Rapid Labs and other accelerated project frameworks would be an asset
- Strong knowledge of cryptographic concepts leveraged in modern applications and systems
- Strong knowledge of UNIX and Windows operating systems with emphasis on security features
- Sound knowledge of static and dynamic code analysis
- Sound knowledge of Identity & Access Management, PKI, Intrusion Prevention, and vulnerability assessments
- Sound knowledge of one or more of the following databases: Oracle, DB2, Sybase, SQL Server
- Sound knowledge of network security components such as firewalls, routers, intrusion detection, anti-virus software
- Strong Microsoft Office software skills, particularly Excel, Word, Visio, and PowerPoint
- Must have advanced verbal and written communication skills in English.
- Working knowledge of regulatory guidelines related to the financial industry like OSFI
University Degree in computer science/related field or relevant work experience
Certifications in CISSP, CEH, CCSP, CISA, CRISC are nice to have
Sr Technical Recruiter
Please contact me with any questions: