Information Security Specialist

Hybrid - 4 days a week on sitedowntown Toronto Information Security Specialist - Cyber Security Incident Response As an Information Security Specialist, you will play a critical role in detecting, investigating, and responding to cyber threats targeting The Bank.You will work within the Cyber Security Incident Response Team (CSIRT), leading in complex. Investigations, developing detection and hunting techniques, and strengthening our incident response capabilities.This role requires an experienced security professional with deep technical expertise in incident handling and analysis, malware investigation and containment, and cyber kill chain. You will be responsible for identifying and mitigating cyberthreats, collaborating with stakeholders across Protect Platform, ITS, and business teams to reduce risk and enhance our security posture.The personnel in this role will work as part of a cyber security operations team responsible for carrying out 24x7 security monitoring operations. Operations are carried out on a rotating shift schedule than involves occasional on-call and/or weekend support.Here are the essential job functions of this position:Guide partners on a broad range of technology throughout incidentsLead Cybersecurity Incidents and Cybersecurity eventsLead or contribute to containment and recovery plans for Cybersecurity IncidentsContribute to the definition, development, and oversight of a global security management strategy and frameworkEnsure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against The Bank businesses and network domainsDevelop on-going operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domainsAdhere to internal policies and procedures, technology control standards, and applicable regulatory guidelinesContribute to the review of internal processes and activities and assist in identifying potential opportunities for improvementAdhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activitiesInfluence behavior to reduce risk and foster a strong technology risk management culture throughout the enterpriseJob RequirementsHere are the minimum requirements for this position:University degree or equivalent hands-on work experience7+ years of hands-on relevant experienceExpert knowledge of Information Technology (IT) security and Incident Management practices across multiple cybersecurity domains.Candidate must possess strong hands-on experience with traditional incidents response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalentCandidate should possess advanced hands-on experience in all modern Operating Systems (Window/NIX/Cloud/Mobile)Should have advanced scripting skills, can read data structures and software binary codeAdvanced knowledge of Enterprise, technology controls, cybersecurity, and cyber risk issuesStrong communications, leadership and people building skills within Information Technology and/or CybersecurityA demonstrated ability to participate in complex, comprehensive and large projectsHas the ability to serve as a leading expert in technology controls and information security for project teams, the business, organization, and external vendorsMust be eligible for employment under regulatory standards applicable to the positionPreferred qualifications for this role:Extensive experience as an Incident commander or manager working on complex information security and cybercrime-related incidents, requiring coordination with internal and external enterprise teams, as well as third parties and vendors, partnersExtensive experience working cybersecurity events and incidents related to network layer 7/application and internet facing attacks ·Extensive experience briefing Senior Executives related to cybercrimes, information security incident triage, incident containment, and incident recoveryExtensive experience authoring complex communications associated with cybercrime and information security incident triage, incident containment, and incident recovery ·Extensive experience authoring and maintaining electronic and operational playbooks, and other process/governance documentation.Understanding of Security principles, techniques and technologies such as NIST Cybersecurity Framework, SANS Top 20 Critical Security Controls and OWASP Top 10, MITRE Attack.Expert knowledge of SIEM and UEBA solutions such as Splunk, Azure Sentinel or similar, along with experience of CrowdStrike, MS Defender for Endpoint, XSOAR.Expert knowledge of forensics tools such as Encase, Axiom, Autospy, OSForenscis, FTK imager or similar.Certifications: GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud securityDisclaimer:AI may be used in evaluating candidates.This posting is for an existing vacancy. Apply