Story Behind the Need:
Business Group: The US Information Security Team is sourcing one (1) IT Security Analyst to assist with the completion of security Threat Risk Assessments (TRAs) for the US application technology landscape. An additional resource is necessary due to increased workload, competing regulatory projects, and the need to keep all BAU work and upcoming projects on track. We are seeking self-starters who can immediately contribute to the threat risk assessment process, security advisory services including support for regulatory requirements and projects.
Candidate Value Proposition:
In addition to gaining experience with a top global bank, successful candidate(s) with outstanding performance and skills will have the opportunity to be converted to full time employment, assuming the budget allows.
Typical Day in the Role:
- Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices
- Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
- Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
- Review and evaluate responses to security assessments, collect and validate supporting evidence
-Review security and technical design documentation
-Understand compensating and mitigating controls
- Identify risks and understand their impact
- Clearly and intelligently communicate findings to stakeholders
-Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
-Prepare and report results to stakeholders and management
-Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution
-Understand the financial regulations that legislate and impact technology and security controls
- Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
- Conduct security risk assessments for 3rd and 4th party applications, components, services
-Understand cloud infrastructure and cloud security controls
-Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans
-Collaborate with IT business partners and team leads
Must Have Skills/Requirements:
1. IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
2. Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project)
3. Experienced with GCP or related Cloud Platforms
4. Prior knowledge of security engineering/architecture
5. Proficiency in MS Office with extended knowledge in MS Excel – 3+ years
Nice to have Skills:
- CISA OR CISSP Certification
- An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
- Recent relevant Financial Industry Experience
- Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Federal Reserve, Treasury, CFTC, etc.)
-Experience with vulnerability management tools such as Tripwire or Tenable
-Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports and
Soft Skills:
- Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors
- Comfortable putting together and presenting risk assessments to a wide range of individuals
- Candidate must have a natural curiosity and the ability to assess each situation separately
- Fast, adaptable learner who can hit the ground running
-Strong organizational skills
- Ability to manage assigned tasks and expectations without direct instruction or oversight
- Ability to work well under pressure while demonstrating strong professionalism
- Must be able to collaborate closely with teams and independently
-Must be accountable to meet individual deadlines without hand holding
Education : -Bachelors/ Masters degree in cyber security, computer science, or related IT field
Interview Process:
1-step process – Panel Video Interview with Sr. Manager (hiring manager) and 3 other team members
-Interviews to take place ASAP
Job 70766
IT Security analyst • Toronto, ON, Canada (Remote)
A leading IT solutions provider is seeking an IT Security Analyst for an 8-month hybrid contract based in Scarborough, ON.Candidates should have 5-8 years of experience in cybersecurity concepts in... Show more
Enhance your career as a Governance and Risk Cyber Security Analyst with Equitable Bank.Focus on cyber security strategy and regulatory compliance while advancing innovative banking solutions.As pa... Show more
A leading security firm is seeking a Security Analyst to enhance its security posture through proactive vulnerability management.This fully remote role requires strong analytical skills, hands-on e... Show more
Take charge as a Senior Security Analyst in a hybrid model, focusing on IT risk management and incident response.Utilize your EDR and cloud security expertise to enhance organizational security sta... Show more
RBC’s Global IT Risk (GITR) function enables the protection of RBC's brand, systems, and operations by equipping the business and technology partners with meaningful insights, actionable advice, an... Show more
Protect organizational assets as an Information Security Analyst focusing on cybersecurity and threat assessment.Collaborate with teams to enhance security posture and promote safety awareness.This... Show more
A consulting firm based in Toronto seeks an IT Security Analyst 3 (Bilingual Spanish) to support an enterprise-level information security team.The ideal candidate will have extensive hands-on exper... Show more
Become a pivotal part of TD's Audit and Operational Security Compliance team in Toronto, Ontario as an Information Security Analyst I.This role offers a blend of audit response and compliance respo... Show more
The Cyber Risk & Governance Analyst, part of the Information Security Governance & Third-Party Cyber risk team, is responsible for analyzing and assessing the organization’s information security ri... Show more
A global leader in fund services is seeking an IT Compliance Analyst in Toronto.The role involves analyzing and improving IT compliance, coordinating controls testing, and supporting policy reviews... Show more
IT Security R&D Specialist / Cyber Threat Intelligence Analyst.Job Openings IT Security R&D Specialist / Cyber Threat Intelligence Analyst About the job IT Security R&D Specialist / Cyber Threat In... Show more
Step into the cybersecurity domain with BrightIT as a SOC Analyst, where you'll monitor, analyze, and respond to security threats in the iGaming industry from our Toronto office.This position offer... Show more
Take on a rewarding role as a Technical Risk Analyst within IT governance, focusing on enhancing security and compliance insight.Leverage your analytical abilities and reporting skills in this dyna... Show more
Become a crucial player in audit remediation as a Senior IT Build Analyst for a banking client in Toronto.This hybrid position offers hands-on experience with documentation and compliance standards... Show more
Job Description# IT - Info Security Analyst - Expert· The Senior Consultant, AI Security Service Management will support enterprise AI security initiatives by evaluating and integrating AI security... Show more
Assist in providing IT security services to the company and it’s customers.Assist management and its customers in defining their IT Security requirements to meet their business needs.Assess, provid... Show more
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar... Show more
A leading IT services firm is seeking an Information Control Testing Specialist to manage information risk and ensure compliance with security policies.You will work on global initiatives, conduct ... Show more
A healthcare advocacy organization in Toronto seeks an Endpoint Security Analyst to enhance the digital employee experience.This position involves ensuring device security and managing identity acc... Show more
As an IT Security Specialist you will apply your cyber security knowledge and skills to defend our clients from increasingly complex and persistent cyber threats, using our advanced and industry le... Show more
