Requisition ID: 175270
Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.
The Information Security Advisor is responsible for many aspects of Tangerine’s Cyber Security portfolio. The incumbent will be responsible for leading programs such as the Vulnerability/Patch Management, Threat Risk Assessment and the Data Loss Prevention programs. The Information Security Advisor will utilize a risk-based approach in order to produce substantiated, relevant data to be utilized within a regularly produced security dashboard. The Information Security Advisor will report directly to the Senior Manager of Cyber Security and Security Operations.
Role Accountabilities
- Act as core competency and reference for enterprise-wide Information Security governance, risk management, advisory, and compliance
- Act as core competency and reference for security requirements and controls for enterprise SDLC, Agile, DevOps and Cloud Security strategy plan and implementation
- Lead security architecture for various cloud-based initiatives, while working with enterprise architects, product owners and project managers
- Design, define and improve cyber security procedures and processes to meet and facilitate various business requirements and enforce compliance based on Scotia policies and standards
- Define and implement security requirements, controls, and processes/procedures for Agile SDLC and CI/CD pipeline
- Provide security advisory service with respect to Scotia policies, standards, procedures and major industry regulations for on-premises and cloud enterprise infrastructure and applications.
- Understand the bank’s diverse business units and be able to work with diverse groups, while interpreting technical context into common business language.
- Develop security implementation plans for enterprise projects, infrastructure, applications and operations. Address and resolve complex technical problems that will have impact on integration engagements.
- Conduct Data Classification and Threat Risk Assessment (TRA) for enterprise-level new initiatives. Document high-risk areas, and lead reliable and timely remediation without affecting project delivery deadlines.
- Design and develop a reporting dashboard in the GRC tool for governance of cyber security and compliance (for example, audit remediation tracking, vulnerability management, compliance management).
- Guide and support team members on undertakings including vulnerability management, compliance configuration management, deviation management, application security, pentest, data loss protection, phishing, etc.
- Foster and promote security awareness and security culture among all levels of stakeholders of the bank in day-to-day projects and operations.
Skills and Qualification
- Must have a solid understanding of and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking, in both traditional data-center and cloud environments
- Must have advanced security knowledge and experience with respect to enterprise architecture, networking, infrastructure, systems and applications
- Able to work at three levels: strategy, design and hands-on technical
- Highly collaborative and proactive, with effective and efficient operational skills
- Strong knowledge of the application development life cycle (SDLC), Agile, DevOps and CI/CD, with an understanding of GitHub, Artifactory, Jenkins, microservices, infrastructure as code, etc.
- Sound knowledge of Google Cloud Platform and cloud technologies – Docker, containers, Kubernetes, IaaS/PaaS/CaaS/SaaS
- Must have good verbal and written communication skills in English, able to effectively communicate with and influence all levels of stakeholders
- Must have excellent knowledge of different areas of IT operations / processes (change mgmt., release mgmt.), and be able to define/design security processes to meet business requirements.
- Be able to interact with lines of business, and have a sense of business acuity and agility
- Ability to learn new technologies, techniques and processes.
- Very high-level consulting and analytical skills, and persistence until a solution is agreed
- Able to lead independently for the team, operations and projects
- Proven ability to meet deadlines for multiple assignments and adapt quickly to changing priorities.
- Strong knowledge of financial industry regulations (OSFI, PCI DSS) and frameworks (ISO 27001/27002, SOC 2/SOC 3)
- Strong Microsoft Office software skills particularly Excel, Word, Visio and PowerPoint
Education
- Bachelor's degree in computer science or related field
- Certifications in CISSP, CCSP, CISA, CRISC will be an asset
Location(s): Canada : Ontario : Toronto
At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.