Information & Cyber Security Specialist

**Job Overview**

This senior-level role is critical to enhancing our enterprise security posture through leadership in risk management, compliance, and secure project delivery. This role will work cross-functionally to embed security into business processes and technology initiatives, ensuring alignment with regulatory and organizational standards.

**Key Responsibilities**
- Security Leadership_
- Aid in the development and implementation of enterprise-wide information security strategies.
- Provide expert guidance on secure architecture, design, and principles during IT and business project lifecycles.
- Act as a security advisor for technology initiatives, ensuring alignment with best practices and compliance requirements.
- Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.
- Risk ManagementCompliance_
- Conduct information security risk assessments and threat modeling.
- Contribute and manage risk registers and mitigation plans.
- Ensure compliance with regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS, FSRA/OFSI, PIPEDIA/CPPA).
- Support internal and external audits and lead remediation efforts.
- GovernancePolicy Development_
- Contribute to information security policies, standards, procedures, and guidelines.
- Collaborate on IT Governance, Risk, and Compliance (GRC) initiatives.
- Monitor, respond, and report on security KPIs and KRIs.
- Monitor for security policy violation(s) and recommend corrective action(s).
- Security OperationsIncident Response_
- Oversee the configuration and monitoring of security technologies (SIEM, EDR, CASB, IDPS, firewalls).
- Lead investigations of complex security incidents and coordinate response and recovery.
- Conduct root cause analysis and develop post-incident improvement plans.
- Escalate and report on key incidents and progress of remedial efforts to their manager
- VulnerabilityThreat Management_
- Perform advanced vulnerability assessments and penetration testing.
- Collaborate with teams to prioritize and remediate findings.
- Stay current with emerging threats and security technologies and propose process or technology improvements for continuous improvement.
- Participate in the design and execution of penetration tests and security audits.
- AwarenessTraining_
- Design and deliver targeted security awareness programs.
- Lead quarterly audits including access reviews and privileged account management.
- PhysicalData Security_
- Oversee physical security systems (access control, surveillance).
- Support data classification, protection, and data governance initiatives.
- Perform other duties as assigned.

**Required Skills**:

- College diploma or university degree in the field of computer science
- 5-7 years of progressive experience in IT and Information Security roles
- Actively pursuing or currently possess one or more of the following certifications:

- GIAC Information Security Professional (GISP)
- Microsoft Certified: Security Operations Analyst Associate
- CAP, CISA, CCFP, CCSP, CISSP, CISM, GIAC
- Associate of (ISC)2
- Proficient with SEIM, Firewallsdata classification
- Proficient with endpoint detection and response (EDR), CASB, IDPS and other security technologies.
- Strong knowledge of security frameworks and standards such as MITRE, CIS, NIST, PCI, COBIT and ISO 27001.
- Experience with Varonis is an asset.
- Experience advising on security in cloud, hybrid, and on-prem environments.
- Working technical knowledge of system vulnerability scanning and remediation.
- Strong understanding of OSI Model, IP, TCP/IP, and other network administration protocols.
- Strong understanding of Windows and Linux operating systems.
- Familiarity with core banking system related security is considered an asset.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in a business-friendly and user-friendly language.
- Excellent communication and stakeholder engagement skills.
- Highly self-motivated and directed.
- Team-oriented and skilled in working within a collaborative environment.
- Must have on-call availability.
- Lifting and transporting moderately heavy objects, such as computers and peripherals. Valid Driver's license and ability to travel to branch location as required.