What You’ll Do
We’re looking for individuals who are innovative and dedicated to driving outcomes that are right for the organization. You’ll be joining the Enterprise Risk Management team as a Senior Analyst/ Architect of cyber and technology risk.
You will leverage your cyber and technology experience in collaborating with teams across the bank and help to oversee all aspects of cyber and technology risk management.
We Are Looking For High Performing Individuals Who Are
- Collaborate with various teams of security architects, subject matter experts, cyber intelligence and other IT teams to address identified gaps in technical security capabilities, and to improve security controls, processes, and standards
- Contribute to the assessment, recommendation of mitigation strategies and reporting of risks on security controls, design, architecture, and implementation
- Research and understand current as well as emerging security threats, technology advancements, trends, and directions for the security platform in the Banking and Retail industries
- Perform analysis and assessment of solution design of information and technologysecurity controls and infrastructure
- Provide technical leadership, security consulting and oversight to first line operational and project teams
- Provide second line oversight on projects and new initiatives consisting of security technology and infrastructure solutions for a wide range of business needs to ensure risks are identified for mitigation
- Review and support the development of key risk indicators, measures, and dashboards of cybersecurity and technology to continually improve cyber risk management processes and reporting
- Review and support the cyber risk policy and related operating directives, standards, and procedures,
- Oversight and monitoring of third-party service provider risks assessments and ensure consistent compliance with the cyber risk policy
- Prepare cyber risk management reporting leveraging your cyber risk subject matter expertise
- Develop and maintain methodologies for assessing and reporting on technology resiliency of the organization’s most valued assets
- Promote a culture of cyber risk awareness with CTB stakeholders.
What You Bring
- Agile and innovative individuals who embrace change to help us take bold and strategic moves in the rapidly evolving risk environment
- Collaborative and creative thinkers who take initiative and work well with your team and independently
- Passionate problem solvers with the ability to analyze and prioritize to meet business objectives
- Inclusive team players with superior influencing skills, who build valuedrelationships through trust and respect across various stakeholder groups to move initiatives forward
- Experienced with technology and business controls in areas such as cybersecurity, infrastructure, application delivery, and Contact Centers.
- University or College Diploma in Information Systems or equivalent practical experience in Computer Science, Engineering, or a related discipline
- 5 years IT infrastructure or cyber security experience, preferably 2+ of those at a senior level with related security architecture and risk management experience
- Knowledge of cyber security trends, technologies, and their applicability to the Canadian Financial industry
- Experience in technical Risk Management in large organizations or preferably at a Canadian financial institution
- Understanding of the principles and techniques of security risk analysis, NIST 800-53 controls and other industry leading cyber security frameworks for identifying and managing cyber security risk (eg. NIST, ISO, NERC CIP, ISA/IEC etc.)
- Familiarity of the regulatory banking governance Regulations (such as OSFI or FCAC).
- Technical knowledge within the security environment including installation, administration, performance analysis, capacity planning, systems management integration, network technologies, hardware platforms and operating systems with an understanding of security requirements through an entire technology stack
- Strong analytical skills and attention to detail
Considered an asset
- Solid understanding of Software Development Life cycle
- Familiarity with PCI DSS Issuer vs Merchant operating environments
- Knowledge of, or hands-on experience with, various security technologies such as VPN, vulnerability management, PKI, key management, IDAM, DLP, UEBA, SIEM, endpoint security, threat intelligence
- An industry recognized certification such as CISSP, CRISC, CEH, CCSE, CCSP, CISM and CISA considered an asset
If you’re curious, ready to take on new challenges and open to doing things differently to help us evolve rapidly, then this isdefinitely
the place to be.
We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.About Us
At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a strong vision, loyal customers, and our ability to build teams that reflect the diverse customers and communities in which we live and work. Join us, where there's a place for you here.Our Commitment to Diversity, Inclusion and Belonging
We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better..Accommodations
We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.