Infosec

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:
- Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few- In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1- A hybrid work model that truly balances work and personal life- Opportunities for learning, training and development, and much more...

POSITION OVERVIEW

The Line of Business Advisory Specialist (BISO) - InfoSec will contribute to the overall successful development and execution of BDC’s overall First Line of Defense IT Tech Risk program designed to give confidence to customers, our shareholder, management, and regulators, that BDC operates in a proactive, well-managed, and risk-conscious manner, by serving as a conduit agent between respective business and InfoSec teams.

Additionally, this position will support the continuously elevating BDC and designated Line of Business’s cyber risk posture by promoting a cyber aware culture, raising awareness on BDC’s Information Security policies, cyber best practices, and working towards identification and reduction of risks in business operations.

CHALLENGES TO BE MET- Support business strategy by aligning with InfoSec security tools/services- Gather insights for InfoSec from businesses to influence CISO strategy and facilitate development of security tools/services to enable business objectives- Provide advice/support to business executives on a wide array of cybersecurity matters (e.g., selection of third parties, raising awareness on new technologies)- Support the LoB and CISO in optimizing costs for establishing and operating security tools by finding opportunities to re-use existing tools/services and leveraging Enterprise tools/technologies as necessary- Build and enhance the function brand and act as a trusted advisor to the business- Improve BDC’s understanding of risk and how to operate in a risk-conscious environment- Deliver in-depth risk assessments/reviews, including identifying and documenting risks and controls, creating detailed process flows and assessing the implementation- Support in the ownership, accountability, oversight, and roadmap of the Tech Risk service- Serve as the LoB point of contact in case of cyber incidents and coordinate a response by bringing business, cyber and other teams together as necessary- Develop, monitor, and report business specific cyber KPIs and KRIs to relevant stakeholders and committees- Provide guidance to third party partners in implementing cyber controls for risk remediation, assist business teams in explaining the impact of identified risks to enable effective decision-making- Collaborate with Enterprise teams to provide data-driven cyber risk insights to business for effective risk management (e.g., zero-day vulnerabilities and their impact on BDC, impact of BDC on failure of key service providers)-
- Support Enterprise teams in the identification of risk owners for business assets and ensure that the risk owners are aware of risk impacts- Facilitate business and technology participation in incident response tabletop exercises as needed, and support identified remediation activities- Raise awareness for risk ownership and decision making focused on risk reduction while meeting business objectives and in accordance with BDC risk management framework- Lead cybersecurity assessments to meet internal (high risk) and external risk reporting/ compliance requirements- Collaborate with Cyber Operations to monitor the external threats and regulatory environment related to the business to ensure appropriate coverage and mitigation of risks through policies and strategies- Collaborate with InfoSec to build and maintain relationships with regulators and financial institutions to facilitate the exchange of information and ideas- Raise the bar for cybersecurity awareness within business executives by promoting targeted learning and awareness campaigns (e.g., spear phishing)

WHAT WE ARE LOOKING FOR- 8+ years of experience in information security, technology risk, or related field- 3+ years of experience in communicating and reporting to executive leaders- 3+ years of experience working with teams in managing financial products- Professional certifications in information security (e.g., CISSP, CCSP, CISM) are an asset- Knowledge of IT-related frameworks (i.e., NIST CSF, COBIT, ISO27001/27002)- Understa