Location: 150 King St W can be 100% remote
Contract Duration: Through end of December 2024 with potential for conversion to FTE after 6 months
Schedule Hours: 8 hrs
Candidate Value Proposition
In addition to gaining experience with a top global bank, successful candidate(s) with outstanding performance and skills will have the opportunity to be converted to full time employment, assuming the budget allows.
Typical Day In The Role
Contract Duration: Through end of December 2024 with potential for conversion to FTE after 6 months
Schedule Hours: 8 hrs
Candidate Value Proposition
In addition to gaining experience with a top global bank, successful candidate(s) with outstanding performance and skills will have the opportunity to be converted to full time employment, assuming the budget allows.
Typical Day In The Role
- Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices
- Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
- Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
- Review and evaluate responses to security assessments, collect and validate supporting evidence
- Review security and technical design documentation
- Understand compensating and mitigating controls
- Identify risks and understand their impact
- Clearly and intelligently communicate findings to stakeholders
- Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
- Prepare and report results to stakeholders and management
- Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution
- Understand the financial regulations that legislate and impact technology and security controls
- Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
- Conduct security risk assessments for 3rd and 4th party applications, components, services
- -Understand cloud infrastructure and cloud security controls
- Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans
- Collaborate with IT business partners and team leads
- IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
- Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project)
- Experienced with GCP or related Cloud Platforms
- Prior knowledge of security engineering/architecture
- Proficiency in MS Office with extended knowledge in MS Excel – 3+ years
- CISA OR CISSP Certification
- An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
- Recent relevant Financial Industry Experience
- Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Client, Treasury, CFTC, etc.)
- Experience with vulnerability management tools such as Tripwire or Tenable
- Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports and
- Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors
- Comfortable putting together and presenting risk assessments to a wide range of individuals
- Candidate must have a natural curiosity and the ability to assess each situation separately
- Fast, adaptable learner who can hit the ground running
- Strong organizational skills
- Ability to manage assigned tasks and expectations without direct instruction or oversight
- Ability to work well under pressure while demonstrating strong professionalism
- Must be able to collaborate closely with teams and independently
- Must be accountable to meet individual deadlines without hand holding
-
Seniority level
Entry level -
Employment type
Contract -
Job function
Information Technology -
Industries
IT Services and IT Consulting
Referrals increase your chances of interviewing at LanceSoft, Inc. by 2x
See who you knowGet notified about new Information Technology Security Analyst jobs in Scarborough, Ontario, Canada.
Sign in to create job alertSimilar Searches
Looking for a job?
Visit the Career Advice Hub to see tips on interviewing and resume writing.
View Career Advice Hub