Senior Analyst, IT Security
Canada's Challenger Bank™If you're looking for a workplace where employees are passionate about their work environment, then read on. What sets Equitable Bank apart from other companies is its culture. We celebrate and embrace the fabric of diversity, the employee engagement process and collectively take pride in our business successes. Our commitment to our customers, our partners and our employees creates a stimulating and exciting atmosphere that generates innovative products and outstanding service quality.
Equitable Bank is Canada's ninth largest independent Schedule I bank, serving Canadians coast to coast. It offers a diverse suite of residential lending, commercial lending and savings solutions, including high-interest savings products and GICs. Through its proven branchless approach and customer service focus, Equitable Bank has grown to approximately $33 billion in assets under management. In 2016, Equitable Bank launched a digital banking operation, EQ Bank, and introduced the EQ Bank Savings Plus Account. Equitable Bank currently employs over 750 employees across the country.
Within Equitable Bank's Core Lending business, Single Family Lending Services funds mortgages for owner-occupied and investment properties across Canada, while Commercial Lending Services provides mortgages on a variety of commercial properties on a national basis.Equitable's Securitization Financing business originates and securitizes insured residential mortgages under the Canada Mortgage and Housing ("CMHC") administered National Housing Act.Equitable Bank also offers a range of deposit products including short-term, long-term and Cashable GICs, available in non-registered or Tax Free Savings Account ("TFSA") across Canada. And it offers a High Interest Savings Account, available from authorized investment advisors through the FundServ network.
Equitable Bank is a growing Canadian financial services business and a wholly owned subsidiary of Equitable Group. It was founded in 1970 as The Equitable Trust Company.
Job Title: Senior IT Security Analyst
Department: Information Security
Reports To: IT Security - Governance & Risk Manager
Purpose of Job
The Senior IT Security Analyst works closely with IT Management, Risk Management and external vendors to define, maintain, monitor, and implement controls to ensure security, risk, compliance, governance and audit requirements for IT are met and risks are mitigated.
- Maintain the existing and develop new information security governance documents, including policy, framework, standards, procedures, and guidelines to keep up with the changing threat universe.
- Support the Security Management through various activities including risk assessment, access control, vendor management, RCSA (Risk and Control Self-Assessment), Vulnerability Test follow-up, Security training etc.
- Perform penetration testing and code scanning and ensure that the identified weaknesses are remediated by the owners based on the Bank’s policies and standards.
- Manage and maintain code scanning tools.
- Manage and maintain GRC solution.
- Review internal/external reports to ensure security regulation and compliance.
- Manage the security risks for in-time closure, escalate risks for acceptance or action plan, track information security related risks and corresponding action plans with dues dates to ensure that the issues are resolved. Provide periodic reports to outline the status of information security risks
- Support cybersecurity operation including security incident response and investigation including participation in chain of custody for evidence, vulnerability assessment, third party vendor assessment and security management process.
- Manage and maintain vulnerability register and work with stakeholders for defining and implementing action/mitigation plans.
- Liaise with internal and external auditors/consultants and provide required documents/details.
- Provide security advice for IT projects including SIEM, DLP implementation and on-going monitoring
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- At least five (5) to eight (8) years of overall information technology, information security and information risk experience with at least three (3) to five (5) years in an information security role.
- The following certifications are required: CISM, CISSP, CGEIT or CRISC.
- Currently having or working towards acquiring OSCP.
- Experience in performing penetration testing/ethical hacking.
- Experience of setting up and running code scanning tools for IT Infrastructure and Applications Security Testing.
- Experience of administrating GRC solution.
- Excellent written and verbal communication skills.
- Understanding and experience of various Information/Cyber Security standards, like ISO 27K series, NIST 800 series, NIST CSF, CSA, SANS etc.
- Understanding of Security Baselines, Vulnerability Assessments and Penetration Testing.
- Experience of cloud environment will be a definite plus.
- Experience in performing IT security risk assessments.
- Experience in developing risk mitigation recommendations.
- Experience in planning and implementing IT controls.
- Experience working in a banking or financial services environment is an asset.
- Technical knowledge of Cloud computing, Unix, Windows, computer networks, computer servers, VMware, SQL Server, firewalls, anti-malware tools, IDS/IPS, SIEM solutions, encryption/certificates, vulnerability scanning/assessment, application security testing, and other IT infrastructure technologies from a security and audit perspective.
- Ability to adapt to constantly changing technical, regulatory, and compliance environments.
- Organized, structured, logical thinking and detail oriented analytic skills.
Equitable Bank is an equal opportunity employer and encourages applications from all qualified candidates. Accommodations are available on request for candidates taking part in all aspects of the selection process. All candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying, an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position.
- Pay Type Salary
- Equitable Bank, 30 St. Clair Ave West, Suite 700, Toronto, Ontario, Canada