Information Security Specialist, IT Security

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:
- Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few- In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1- A hybrid work model that truly balances work and personal life- Opportunities for learning, training and development, and much more...

POSITION OVERVIEW

The information security Specialist is responsible for the day-to-day security activities to ensure BDC’s technological environment is well protected and responding to information security incidents

Use and evolve Info Protection use cases (O365 - Symantec DLP - Symantec Cloud Soc etc.) to detect potential exfiltration.

CHALLENGES TO BE MET- Develop and draft processes and procedures related to information protection operations.- Work closely with IT operations and other teams to implement and continuously improve controls efficiency.-
- Perform technical forensic investigation analysis when instructed and produce all documents and evidence necessary to support and meet the needs of the investigation.- Ensure server, workstation, networking equipment, IoT are identified and mitigated.- Develop strategies to address information security awareness and training for all stakeholders.- Develop and implement effective and reasonable policies and procedures.- Coordinate and track all information security related audits.- Work with vendor to ensure Data Loss Prevention (DLP) rules are appropriate and working as expected.- Monitor and mitigate insider threat alerts and document investigations while maintaining a high level of confidentiality.- Respond to emergency situations as needed, to identify, assess and mitigate critical data protection issues.- Perform other related duties as assigned.

WHAT WE ARE LOOKING FOR- Minimum 5 years’ experience in IT, 3 of which in network and/or security- Must have solid experience with at least one of each leading DLP tools: O365 - Symantec DLP - Symantec ClouSoc; other DLP type tools/services are an asset- Must have solid experience with Data Loss Prevention solution: Microsoft, Symantec- Any of the following certifications is an asset: GSEC, GPPA, GCIA, GCWN, GMON, GCDA, OSCP- Minimum of 1 years' experience with a programming or scripting language such as Python or PowerShell in the context of IR tool building capacity- Familiar with cyber frameworks such as ATT&CK, Cyber Kill Chain and Diamond Model- Leadership, autonomy, vigilance, team spirit, ability to see the big picture, and discretion- Ability to simplify complex issues- Knowledge of open source platforms- Sense of priority, understanding of issues, criticality and impact- Strong working knowledge of networking technologies- Strong experience with Windows platform- Open-source knowledge- Ability to share information with peers and transfer knowledge- Ability to handle multiple requests and manage priorities- Ability to translate and integrate theory into the specifics and tactical realities of IT operations- Ability to effectively communicate in both official languages (English & French)

.