Senior Information Security Specialist

OverviewWe are seeking a security professional for the role of Senior Information Security Specialist who can apply their security knowledge to provide holistic cybersecurity advisory services to the enterprise. In collaboration with our IT team and business partners you will be a part of the technology team responsible for ensuring the safety and resiliency of digital operations.ResponsibilitiesStrategy and Leadership: Design and lead cyber-resilience strategiesStrategy and Leadership: Improve organizational preparedness through conducting risk assessments, business impact analyses, and align resilience goals to business objectivesStrategy and Leadership: Develop and maintain an incident response plans, continuity strategies, and recovery protocolsStrategy and Leadership: Provide expert guidance during security related incidentsStrategy and Leadership: Deliver and serve as a subject matter expert on organizational training initiatives related to IT securityStrategy and Leadership: Propose, pilot, and implement new security controls based on threat landscape and business riskStrategy and Leadership: Act as a lead expert resource in technology controls / information security for project teams, the business, and vendorsStrategy and Leadership: Apply advanced knowledge of the organization, technology controls, security, and risk managementStrategy and Leadership: Define and prioritize changes to security tools and platforms; work with IT Operations analysts to implement them; validate effectiveness, track health, and manage integrations across the environmentSecurity Engineering & Zero-Trust Operations: In partnership with IT Operations analysts, lead the operation of security tools and platforms by defining configuration intent, tuning backlogs, health standards, upgrade plans, and integrationsSecurity Engineering & Zero-Trust Operations: Implement Zero-Trust controls: device compliance, least privilege, and network/application segmentation across Microsoft 365 security suite of tools and applicationsSecurity Engineering & Zero-Trust Operations: Maintain Center for Internet Security (CIS)-aligned baselines and track configuration driftSecurity Engineering & Zero-Trust Operations: Engineer and evolve controls: policy design, configuration profiles, attack surface reduction rules, allow/deny lists, rollback plans; schedule and execute changes through change controlSecurity Engineering & Zero-Trust Operations: Develop and maintain detection content (analytics, rules, playbooks) and data pipelines/queries to improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)Security Engineering & Zero-Trust Operations: Propose, pilot, and implement new security capabilities tied to threat landscape and business risk, with clear success criteriaThreat Detection, Incident Response & Cyber Resilience: Lead investigations across Microsoft 365 security suite of tools and applications driving containment, eradication, and recoveryThreat Detection, Incident Response & Cyber Resilience: Produce concise technician and executive summaries; run Post-Incident Reviews (PIRs) and track actions to closureThreat Detection, Incident Response & Cyber Resilience: Design and maintain incident response plans, continuity strategies, recovery protocols, and tabletop exercises; validate backup/restore and recovery objectives; feed lessons into process and configuration updatesThreat Detection, Incident Response & Cyber Resilience: Provide expert guidance during cybersecurity incidents; coordinate with IT Operations for hands-on actions; surge as needed for major incidents or critical deploymentsThreat Detection, Incident Response & Cyber Resilience: Deliver targeted training and awareness to strengthen resilience and improve control adoptionGovernance, Requirements & Third-Party Assurance: Align governance to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)Governance, Requirements & Third-Party Assurance: Lead business analysis and requirements: define needs, benefits, and problem/opportunity statements; manage scope, estimates, and schedule; apply elicitation techniques; produce user stories, use cases, non-functional requirements (NFRs), integration and data-mapping specs; maintain end-to-end traceabilityGovernance, Requirements & Third-Party Assurance: Establish process and change management: author runbooks/Standard Operating Procedures (SOPs), exception handling, and a security change flow with RACI; support QA test plans, defect triage, and readiness activitiesGovernance, Requirements & Third-Party Assurance: Embed security and framework mapping in Request for Information (RFI) / Request for Proposal (RFP) requirements and vendor integrationsReporting, Metrics & Executive Communication: Build consolidated, tool-agnostic dashboards Daily Operations, Weekly Management, MonthlyReporting, Metrics & Executive Communication: Report unified metrics (MTTD, MTTR, false-positive rate, control compliance, baseline drift, with consistent definitions)Reporting, Metrics & Executive Communication: Publish commentary on trends, exceptions, and decisions required; maintain metric definitions and data lineage so results are auditableWhat you need to be successfulPost secondary education in computer science, information security or related field (4 year degree preferred).7 plus years of experience in IT security and risk disciplines7 plus years hands on operational experience designing, developing, and implementing comprehensive cyber-resilience strategies7 plus years of experience performing risk assessments and business impact analyses; identify vulnerabilities and dependencies7 plus hands on experience developing incident response plans, continuity strategies, and recovery protocols5 plus years of experience leading cross-functional initiatives to enhance preparedness against cyber threats and incidents5 plus years of experience with NIST CSF, CIS Controls/CIS Benchmarks, and mapping operational controls to governance frameworksAbility to collaborate with IT, security, and business units to align resilience with organizational objectivesAdvanced knowledge of Microsoft 365 / Microsoft Entra ID / Microsoft Intune / Microsoft Defender; SentinelOne; Sublime Security; Kusto Query Language (KQL); Microsoft PowerShell / Python (light automation); Microsoft Power BI reportingAbility to work independently and prioritizes tasks in a timely manner.Advanced facilitation and communication skills with the ability to negotiates and influences stakeholders.Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst), SC-300 (Microsoft Identity and Access Administrator), SC-400 (Microsoft Information Protection Administrator), or AZ-500 (Microsoft Azure Security Engineer Associate); International Institute of Business Analysis (IIBA) / Certified Business Analysis Professional (CBAP) or equivalent Business Analysis accreditation (assets)Information security certification/accreditation an assetThe perksEmployer paid extended health, vision, and dental coverage (including family)Employee and Family Assistance ProgramYearly health and wellness benefitRPP eligibility after one yearEmployee recognition programIn-house professional development opportunitiesWhy Broadstreet?Broadstreet Properties Ltd. is a family owned and operated property management company, partnered with Seymour Pacific Developments, that manage multi-family residential communities. We are a growing organization made up of diverse team members who are motivated to continuously innovate our approach to asset management. We consider employee wellbeing a priority and are dedicated to protecting the health and safety of our teams while ensuring a workplace that is respectful of everyone.Broadstreet Properties Ltd. practices equal opportunity hiring and onboarding processes to ensure equal access and participation for everyone. We understand that we have a responsibility for ensuring a safe, dignified, and welcoming environment and we are committed to creating an inclusive environment for all employees irrespective of race, colour, religion, sexual orientation, gender identity, or any other status protected by law. We believe in integrating people with disabilities into our workforce by removing barriers and meeting accessibility needs.Powered by JazzHRRnNV2kCODu #J-18808-Ljbffr