Information & Cyber Security Specialist

FirstOntario Credit Union


Date: 8 hours ago
City: Hamilton, ON
Contract type: Full time
Job Overview

This senior-level role is critical to enhancing our enterprise security posture through leadership in risk management, compliance, and secure project delivery. This role will work cross-functionally to embed security into business processes and technology initiatives, ensuring alignment with regulatory and organizational standards.

Key Responsibilities

Security Leadership

  • Aid in the development and implementation of enterprise-wide information security strategies.
  • Provide expert guidance on secure architecture, design, and principles during IT and business project lifecycles.
  • Act as a security advisor for technology initiatives, ensuring alignment with best practices and compliance requirements.
  • Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.

Risk Management & Compliance

  • Conduct information security risk assessments and threat modeling.
  • Contribute and manage risk registers and mitigation plans.
  • Ensure compliance with regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS, FSRA/OFSI, PIPEDIA/CPPA).
  • Support internal and external audits and lead remediation efforts.

Governance & Policy Development

  • Contribute to information security policies, standards, procedures, and guidelines.
  • Collaborate on IT Governance, Risk, and Compliance (GRC) initiatives.
  • Monitor, respond, and report on security KPIs and KRIs.
  • Monitor for security policy violation(s) and recommend corrective action(s).

Security Operations & Incident Response

  • Oversee the configuration and monitoring of security technologies (SIEM, EDR, CASB, IDPS, firewalls).
  • Lead investigations of complex security incidents and coordinate response and recovery.
  • Conduct root cause analysis and develop post-incident improvement plans.
  • Escalate and report on key incidents and progress of remedial efforts to their manager
  • Provide on-call support for end users for all security solutions (ex. Blocked email).

Vulnerability & Threat Management

  • Perform advanced vulnerability assessments and penetration testing.
  • Collaborate with teams to prioritize and remediate findings.
  • Stay current with emerging threats and security technologies and propose process or technology improvements for continuous improvement.
  • Participate in the design and execution of penetration tests and security audits.

Awareness & Training

  • Design and deliver targeted security awareness programs.
  • Lead quarterly audits including access reviews and privileged account management.

Physical & Data Security

  • Oversee physical security systems (access control, surveillance).
  • Support data classification, protection, and data governance initiatives.
  • Perform other duties as assigned.

Required Skills

  • College diploma or university degree in the field of computer science
  • 5-7 years of progressive experience in IT and Information Security roles
  • Actively pursuing or currently possess one or more of the following certifications:
    • GIAC Information Security Professional (GISP)
    • Microsoft Certified: Security Operations Analyst Associate
    • CAP, CISA, CCFP, CCSP, CISSP, CISM, GIAC
    • Associate of (ISC)2
  • Proficient with SEIM, Firewalls & data classification
  • Proficient with endpoint detection and response (EDR), CASB, IDPS and other security technologies.
  • Strong knowledge of security frameworks and standards such as MITRE, CIS, NIST, PCI, COBIT and ISO 27001.
  • Experience with Varonis is an asset.
  • Experience advising on security in cloud, hybrid, and on-prem environments.
  • Working technical knowledge of system vulnerability scanning and remediation.
  • Strong understanding of OSI Model, IP, TCP/IP, and other network administration protocols.
  • Strong understanding of Windows and Linux operating systems.
  • Familiarity with core banking system related security is considered an asset.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in a business-friendly and user-friendly language.
  • Excellent communication and stakeholder engagement skills.
  • Highly self-motivated and directed.
  • Team-oriented and skilled in working within a collaborative environment.
  • Must have on-call availability.
  • Lifting and transporting moderately heavy objects, such as computers and peripherals.
  • Valid Driver's license and ability to travel to branch location as required.
Accommodations for persons with disabilities area available upon request during the application process

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume