Job Title – Info Security Analyst x2 Duration: 6 Months Extension possible: Yes Location: – Toronto Degree/Certifications Required: Undergrad Degree required, Security Designation strongly preferred (CISSP, CRISC, etc.) ADDITIONAL DETAILS: Reason for request/why opened: Backfill for a previous contractor % Interaction with Stakeholders: 100% Team Size: ~8 people altogether, ~6 people in the Toronto Location Personality Style/Team Culture: Friendly; laidback and collaborative Selling Points of Position: Getting into one of the largest teams within earning opportunity for individual, interacts with business and technology teams not just a technical infosec position; a lot of stakeholder relationship management and client facing interaction working as a project partner for various initiatives. Ability to work from Mississauga some of the time. Best Vs Average Candidate: Someone who can hit the ground running, has strong experience within Info/Cyber Security and with control gap assessments, reporting on security initiatives and overall KRIs, excellent communication, written and reporting skills. How will performance be measured: Deliverables + Feedback SUMMARY OF DAY TO DAY RESPONSIBILITIES: • Provide technical guidance on a range of specific Technology Controls and Information Security programs, policies, standards and incidents. • Lead risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas. • Conduct comprehensive risk and control design assessments for an application portfolio, articulate and document impact of control gaps to the business and enterprise-wide, risk mitigation and remediation plans, remediation strategy document or provide information security solutions to address risks. • Provide guidance and/or lead on the development of on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area. • Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area. • Proactively work with technology partners and stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed. • Adhere to, advise on, oversee, monitor, enforce enterprise frameworks and methodologies related to technology controls and information security activities. • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise. MUST HAVES: 1.) Information Security background – 10+ years 2.) Experience with security standards/framework – PCI-DSS – 4+ years 3.) Experience with application risk assessments – 5+ years 4.) Experience with Key Risk Indicators reporting – 5+ years 5.) Experience with Control Gap assessments within infosec – 4+ years 6.) Experience with JIRA/Confluence – 2+ years 7.) Stakeholder Coordination – Working with technology partners and stakeholders for implementation of security components, providing status updates, recommendations, etc. – 4+ years 8.) Working on Projects conducting assessments and advising on best practices – 3+ years 9.) PCI-DSS Advisory – 3+ years 1.) Previous client experience 2.) Previous Banking/Financial Industry experience 3.) Security Certification – CISA, CISSP, CRISC, etc. 4.) Tableau for reporting 5.) Archer experience

Qualification	Rating
Must Have
Short-listing Questions
Has your candidate worked a client as a Full Time employee?	Yes
Skills
Control Gap assessments within infosec	4 years
Experience with key risk indicators reporting	5 years
Information Security	10 years
Jira and Confluence	2 years
PCI-DSS, NIST, ISO27001 security frameworks	4 years
Previous experience on application risk assessments	5 years
Working on Projects conducting assessments and advising on best practices	3 years
Working with stakeholders to gather and translate business requirements into technical solutions	4 years
Nice to Have
Short-listing Questions
Experience working with Archer	Yes
Previous client experience	Yes
Tableau Experience	Yes
Skills
CISSP, CISA, CRISC certifications	Yes
Previous experience working within a banking/financial institution environment	1.5 years