Information & Cyber Security Specialist

Job Overview

This senior-level role is critical to enhancing our enterprise security posture through leadership in risk management, compliance, and secure project delivery. This role will work cross-functionally to embed security into business processes and technology initiatives, ensuring alignment with regulatory and organizational standards.

Key Responsibilities

Security Leadership

• Aid in the development and implementation of enterprise-wide information security strategies.
• Provide expert guidance on secure architecture, design, and principles during IT and business project lifecycles.
• Act as a security advisor for technology initiatives, ensuring alignment with best practices and compliance requirements.
• Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.
  
  

Risk Management & Compliance

• Conduct information security risk assessments and threat modeling.
• Contribute and manage risk registers and mitigation plans.
• Ensure compliance with regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS, FSRA/OFSI, PIPEDIA/CPPA).
• Support internal and external audits and lead remediation efforts.
  
  

Governance & Policy Development

• Contribute to information security policies, standards, procedures, and guidelines.
• Collaborate on IT Governance, Risk, and Compliance (GRC) initiatives.
• Monitor, respond, and report on security KPIs and KRIs.
• Monitor for security policy violation(s) and recommend corrective action(s).
  
  

Security Operations & Incident Response

• Oversee the configuration and monitoring of security technologies (SIEM, EDR, CASB, IDPS, firewalls).
• Lead investigations of complex security incidents and coordinate response and recovery.
• Conduct root cause analysis and develop post-incident improvement plans.
• Escalate and report on key incidents and progress of remedial efforts to their manager
• Provide on-call support for end users for all security solutions (ex. Blocked email).
  
  

Vulnerability & Threat Management

• Perform advanced vulnerability assessments and penetration testing.
• Collaborate with teams to prioritize and remediate findings.
• Stay current with emerging threats and security technologies and propose process or technology improvements for continuous improvement.
• Participate in the design and execution of penetration tests and security audits.
  
  

Awareness & Training

• Design and deliver targeted security awareness programs.
• Lead quarterly audits including access reviews and privileged account management.
  
  

Physical & Data Security

• Oversee physical security systems (access control, surveillance).
• Support data classification, protection, and data governance initiatives.
• Perform other duties as assigned.
  
  

Required Skills

• College diploma or university degree in the field of computer science
• 5-7 years of progressive experience in IT and Information Security roles
• Actively pursuing or currently possess one or more of the following certifications:
• GIAC Information Security Professional (GISP)
• Microsoft Certified: Security Operations Analyst Associate
• CAP, CISA, CCFP, CCSP, CISSP, CISM, GIAC
• Associate of (ISC)2
• Proficient with SEIM, Firewalls & data classification
• Proficient with endpoint detection and response (EDR), CASB, IDPS and other security technologies.
• Strong knowledge of security frameworks and standards such as MITRE, CIS, NIST, PCI, COBIT and ISO 27001.
• Experience with Varonis is an asset.
• Experience advising on security in cloud, hybrid, and on-prem environments.
• Working technical knowledge of system vulnerability scanning and remediation.
• Strong understanding of OSI Model, IP, TCP/IP, and other network administration protocols.
• Strong understanding of Windows and Linux operating systems.
• Familiarity with core banking system related security is considered an asset.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in a business-friendly and user-friendly language.
• Excellent communication and stakeholder engagement skills.
• Highly self-motivated and directed.
• Team-oriented and skilled in working within a collaborative environment.
• Must have on-call availability.
• Lifting and transporting moderately heavy objects, such as computers and peripherals.
• Valid Driver's license and ability to travel to branch location as required.
  

Accommodations for persons with disabilities area available upon request during the application process