Location: WFH – Toronto
Contract Duration: 1 Year contract
Business Line: Cryptography – issues cryptographic keys/ SSL Certificates following regulatory compliance.
Story Behind the Need
• Project Summary . Ensure OSFI audit finding (#4) is closed in a timely manner and remain in good standing by providing on-going support.
Typical Day in the Role:
– Participating in annual regulatory audits by providing key activity evidence.
– Performing administration tasks such as maintaining operational documentation, key inventory & custodian records.
– Participating in projects as needed
1. Ensure OSFI audit finding (#4) is closed in a timely manner and remain in good standing by providing on-going support.
2. Augment bank's Crypto Production Centre to ensure proper staffing levels to meet requests and SLAs and proper custodianship of Bank's master/root keys.
3. Remove single-point-of-failure for Bank's certificate issuance, reduce overtime and avoid SME burnout.
4. Increase the frequency to backup DR sites for Operational resiliency.
5. Issuance of SSL Certificate and root keys (SaaS,GYOK,BYOK).
6. Perform key ceremonies in CPC (Air-gapped offline facility) in close proximity with other custodians.
7. Key custodian ownership
8. Working with overarching Enterprise RnR to build working level output per use case (e.g. SSL certificates, SSH, Vaults across platforms, Payment Keys, Mainframe Symmetric).
9. Socialization and document attestation activities with 1500 + key stakeholders/project teams.
10. Develop and formalize key attestation program (e.g. SSL certificates, SSH, Vaults across platforms, Payment Keys, Mainframe Symmetric).
11. Second pair of eyes to clean up the presentation decks before presenting to various user groups
12. Providing business and administrative support to ensure coordination and successful adoption of new customized matrix.
13. Works with key stakeholders within all business functions to align technology solutions with business strategies
14. Demonstrates an informed knowledge of business functions to resolve problems and capitalize on improvement opportunities
15. Supports one or more highly complex business processes
Qualifications of Must have Skills:
1. At least 4 years of experience in Information security
2. At least 2 years of prior work experience within FI, Banking
3. At least 2 years of work experience using MS Office tools like (Teams, SharePoint, O365)
4. At least 1 year of experience with Vault Technology
5. You possess excellent verbal, written, and presentation skills, attention to detail, strong organizational & planning ability
Nice to have Skills:
1. Regulatory and Governance experience within OSFI Audit
2. Security certification(s) (e.g. CISSP, CISM, Security+ or others) would be an asset(s)
3. Knowledge of Cryptographic related solutions (Symmetric Crypto keys, Hardware Security Modules) would be an asset(s)
4. Confluence is considered an asset
5. Strong Excel experience: Creating Pivot tables and V-lookups would be an asset
Education: Associate's degree in a technical field such as computer science, computer engineering or related field required