Location: WFH – Toronto
Contract Duration: 5 Months
Story Behind the Need
• Project Summary:
– Acting as a central point of reference and core competency for Information Security.
– Assisting in the classification and protection of data resources by providing guidance on secure and cost-effective implementation of Bank's security policies and standards.
– Looking for a Senior Security Advisor to complete risk assessments, threat risk assessments, and security consultations for business lines.
– Representing Information Security in projects, initiatives, mergers, and acquisitions. Working with business lines to develop sound security strategic and tactical plans towards the reliable implementation of cons
– Providing guidance to design, develop and implement sound risk management controls in accordance with Bank's standards that assure the Bank's compliance with industry regulations.
– Pursuing security and control process improvements to advance security compliance and improve internal processes.
– Instant and secure control processes to protect the Bank. Drive initiatives and support business functions to assess security risks and to make informed decisions to protect information assets.
The incumbent is required to analyze operational/security risks, threats, and potential exposures as well as to make recommendations on the necessary controls to reduce security risks to the Bank:
1. Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, ensuring that key artifacts such as security design documents, threat/risk assessments, and data classifications are in place and that risk is effectively managed.
2. Where required by risk, oversee due diligence reviews over third-party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practices. Work with the relationship owner and the 3rd party to create and track an action plan for remediation of issues.
Qualifications (must-have skills):
1. Must have a strong understanding of, and a minimum of 5 years of working experience providing consultation on, IT security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application, and networking environments.
2. Must have strong knowledge of regulatory guidelines related to the financial industry such as the Office of the Superintendent of Financial Institutions (OSFI) and Payment Card Industry Data Security Standard (PCI DSS).
3. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
4. Must have knowledge of IT industry security & control best practices and frameworks such as ISO and COBIT.
5. Experience in infrastructure or application-level vulnerability testing and auditing.
6. Should have sound knowledge of security software (such as ACF2 and Active Directory); UNIX and Windows operating systems with an emphasis on security features; one or more of the following databases – Oracle, DB2, Sybase, SQL Server; and network security components (such as firewalls, routers, intrusion detection, anti-virus software).
7. Must have one of these accreditations in good standing: CISA / CISSP.
1. Must be able to adapt quickly to changing priorities.
2. Must independently manage assignments to completion, ensuring line management is aware of potential issues.
Qualifications: Associate's degree in a technical field such as computer science, computer engineering, or a related field required.