Search jobs > Toronto, ON > Manager architecture

Senior Manager of Security Architecture and Operations, Information Security

First National
Toronto, ON, Canada
$160K a year (estimated)
Full-time

We are hiring a Senior Manager of Security Architecture and Operations in our Information Security department!

The Role :

A strategic and integral member of the Information Security Team, reporting to the AVP, Information Security is responsible for ensuring the security, integrity, and availability of First National information assets.

The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of the security controls, through people, processes, and technology, across the organization.

This role requires the following skills :

  • Knowledgeable about architecture & design principles, network security, application security, vulnerability management, and incident management principles.
  • Assess the threat landscape and work internally to protect the organization from risk.
  • Effective and dynamic communicator.

Reporting To :

Assistant Vice President, Information Security

Full-Time / Part- Time :

Full-time

Posting Date : March 6, 2024

March 6, 2024

Closing Date : April 6, 2024

April 6, 2024

Hours of Work : 8 : 30 5 : 00

8 : 30 5 : 00

Grade : Office Location :

Office Location : Downtown Toronto

Downtown Toronto

Great location! Steps away from the main public transit station

What we offer :

Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

Eligibility for benefits is dependent on the terms of employment

What you will do :

  • Maintain secure, resilient enterprise-grade processes in tandem with various IT stakeholders, such as, Information Security, IT Infrastructure and Operations, Application Development, etc.
  • Maintain oversight of security systems and security configuration administration to adequately respond to risk to enterprise systems and accounts, both on-premise and the cloud.
  • Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats.
  • Prepare periodic reports to Information Security and IT Leadership to showcase the current security posture of our Information Security Program
  • Protect systems in compliance with Information security policies and standards such as ISO 27001 and SOC2.
  • Manage a team of Information Security professionals across multiple programs.
  • Influence internal and external partners to ensure they build solutions consistent with the organization's planned policies, programs, architectural recommendations, and Information Security standards, including within the cloud.
  • Attend regular technical project and implementation meetings and serve as the security ambassador to help guide secure application and infrastructure configurations, for on-premise and cloud systems.
  • Manage the day-to-day activities of threat and vulnerability management, recommend treatment plans, and communicate information about risks.
  • Support in the documentation of risks and mitigating controls, including policy / procedure updates.

Security Operations and Incident Management Program

  • Lead the implementation, configuration, and daily operation of Information Security technologies that are implemented in First National’s environments.
  • Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement within the department;

and within the organization, from a technical standpoint.

  • Orchestrate the incident response process within the department, and work with key stakeholders within the department to respond, resolve and recover from the incident.
  • Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve security operations processes.
  • Act as an active participant within Incident Tabletop exercises
  • Streamline, mature and automate (where applicable), the Incident Response playbooks and processes within the organization.

Vulnerability Management Program

  • Analyze threat and vulnerability feeds data for applicability to the environment and perform compensating controls analysis and validate efficacy of existing controls and provide recommendations.
  • Lead the team to perform security research, analysis, assessments and support with penetration testing and remediation actions. This includes :
  • The external and internal coordination of periodic penetration testing and remediation tracking
  • Conduct application and network vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans.
  • Work with IT stakeholders to guide and assist them during the remediation process.
  • Develop and mature the Offensive Security Program that entails, web application penetration testing, red / purple teaming, etc.

Application Security Program

  • Ensure coverage and remediate of secure code review with Application Development stakeholders (including SAST & DAST)
  • Work with the Application Development leadership and delivery teams to integrate security controls within the development pipeline ensuring an efficient development process with early security control gates.
  • Working with IT groups to define, develop, socialize, and execute long-term application security roadmap.
  • Assisting in the evaluation, selection, onboarding, and management of AppSec vendors and tools.

Threat Modelling

  • Perform periodic threat modelling and maintain the model for currency and tracking of any risk remediation activities.
  • Assess information technology control elements to mitigate IT security risks regarding the confidentiality, integrity and availability of information and assets.

Audit and Compliance Management

  • Support the Information Security Department to provide adequate evidence to support the audit and provide responses for remediations.
  • Provide guidance and supervision on Information Security compliance to ensure Security controls are functioning appropriately within the organization.
  • Advise on development and implementation of Information Security metrics, measurement criteria and reporting to ensure compliance and continuous improvement.
  • Perform periodic compliance reporting to provide assurance of coverage and effectiveness of controls, such as, but not limited to
  • Secure configuration audits to complement the on-going Infrastructure and Application Vulnerability Management program.
  • Certificate scanning and work with the internal stakeholders to address any issues.
  • Review and tracking of firewall rule base review.
  • Configurations of Web Application Firewalls (WAF)

The Requirements Needed :

  • A total of 10 years of experience, with a minimum of 7 years of prior information security management work experience in a medium or large size organization is required.
  • 3+ years of experience with Microsoft Azure platform capabilities, best practices with architectures, and security toolsets.
  • 3+ years Security System administration and engineering experience in on-premise and / or cloud infrastructure.
  • 2+ years of SOC experience or responding to traditional or cloud based cyber security investigations.
  • Candidates with certifications such as CISSP, CCSP, OSCP, GPEN, or CISM, are preferred.
  • Experience with MS Sentinel, and Microsoft suite of security products, such as, but not limited to, Defender for Endpoint, Defender for Identity, Defender for cloud, etc.
  • Experience in incident response and forensics a strong asset.
  • Familiarity with the MITRE ATT&CK framework.
  • Fundamental network security understanding.
  • Track record of planning and executing complex work efforts.
  • Strong interpersonal communication, analysis, and writing skills.
  • Ability to align management and leadership strategies when working on projects.
  • Ability to work effectively with business unit and IT department managers, including Application Development, Infrastructure, Operations, Network, Technical Support, and others.
  • Superior verbal and written communication skills.
  • Must be a team player.

The team you will join :

Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through our mortgage broker channel and service commercial clients through our national origination team of empowered advisors.

At First National, It’s in our Nature is our rallying cry. It underlies our values, beliefs, and how we show up for each other, our clients, our partners and the community.

Our nature defines who we are and guides every decision we make.

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation or any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at .

We would like to thank all applications for their interest, but only candidates selected for an interview will be contacted.

FNLOON

30+ days ago
Related jobs
BQ International Inc
Toronto, Ontario

The Cloud Operations and Security Administrator will be responsible for operating and securing Cloud IaaS and PaaS environments and support the security of SaaS applications in accordance with Client’s standards and security best practices. The focus of this role is to operate and maintain the cloud...

Jobber
Canada
Remote

Our Security Awareness & Engagement Analyst focuses on the education and engagement side of security and is not a deeply technical position requiring specific certifications or experience. This is an excellent opportunity to gain hands-on experience in the field of information security while working...

0000050007 Royal Bank of Canada
Toronto, Ontario

As a Software Engineer, Cloud Security you will play a crucial role in developing innovative solutions to enhance RBC's cloud security posture. Establish core services and security controls across Azure, AWS, and GCP cloud environments. Design and build cloud security solutions using automation, con...

Scotiabank
Toronto, Ontario

The Senior Manager will be responsible for managing the network management function within the utility by providing leadership and oversight on the following key mandates: 1) Uphold the relationships between external and internal stakeholders to maintain global operational and regulatory standards. ...

MNP
Toronto, Ontario

With a focus on high-potential earnings, MNP is proud to offer customized rewards that support our unique culture and a balanced lifestyle to thrive at work and outside of the office. Mentor, motivate and coach team members towards professional and personal development by setting clear expectations,...

Intact Financial Corporation
Toronto, Ontario

Facilitate communication and collaboration between business and technical teams, ensuring clear understanding of security requirements, expectations, and deliverables. We are seeking a highly skilled and experienced senior IT business analyst with expertise in security, and reporting to join our cyb...

Deloitte
Toronto, Ontario

Our Application Security specialists design and configure roles and user access within ERP and SaaS applications, address broader Cyber risks around cloud environments, help comply with privacy laws and regulations, and reduce risks associated with new business processes and unauthorized access. Thi...

Canadian Red Cross
Toronto, Ontario

As we work with and support people (managers, colleagues, beneficiaries/customers, volunteers, donors and external partners) and communities in Canada and around the world, applicants whose first language is not English may be required to perform the responsibilities of the role in English. The Cana...

Deloitte
Vaughan, Ontario

You will perform and guide clients and internal teams in all aspects of employee rewards focusing on the design and operation of incentive arrangements and executive remuneration, both for private and public companies. Our Global Employer Services team advises small and large organizations with both...

Metrolinx
Toronto, Ontario

Assists with feasibility and environmental studies, and the development and assessment of alternative delivery options to meet market and business conditions relating to the delivery and implementation of light rapid transit corridor infrastructure, where required. Our HML project delivery team is s...