Information Security Governance Analyst
MCAP at a Glance
Joining MCAP means you will be a part of our diverse workforce of highly talented individuals who are recognized for their expertise and success! At MCAP, your professional expertise, commitment to teamwork and passion for service excellence are recognized and rewarded with competitive total rewards offering, a career with continuous learning and development (formal & informal training), and exciting opportunities in a dynamic, entrepreneurial environment.
The Role
Reporting to the Director, Information Security & Privacy Governance, this role will contribute to governance, risk and control activities within MCAP’s Information Security & Privacy programs.
- This position will be accountable for the creation, maintenance and distribution of enterprise level policies, procedures and standards within the information security and privacy domains.
-
Ensure the information security & privacy programs accomplish its objectives by bringing a systematic approach to improve the overall effectiveness of these programs.
-
Facilitate and/or lead corporate level incident response preparedness through testing, reporting and actions and will participate in incident response.
- Create training courses, training presentations, programs, and develop new training materials that drive continuous awareness for information security & privacy.
Training and Education
- Develop a roadmap for MCAP’s awareness training as it relates to information security & privacy that enables greater awareness, compliance and education materials
- Create and maintain an effective and measurable awareness training program.
-
Create, execute, monitor and report on simulated security exercises to increase the awareness of the importance of security and privacy protocols (e.g. phishing campaigns, tailgating, vishing, mystery customer)
-
Drive awareness and compliance to information security & privacy best practices
Governance & Operations
- Develop and implement effective and reasonable policies, procedures and standards to secure MCAP assets.
- Participate and/or lead security assessments, audits, tabletops and penetration tests
-
Provide support to all stakeholders on information security & privacy standards.
-
Facilitate incident response preparedness through testing, develop plans to close gaps and updating response plans.
-
Contribute to the identification and maintenance of an information security risk registry.
- Prepare and support security due diligence questionnaires and assessments.
-
Research and maintain an awareness of industry information security challenges, changes or opportunities that would improve MCAP’s information security & privacy posture
-
Support and assist annual reviews of enterprise information security & privacy policies, procedures and standards.
- Collaborate with the technical information security team to identify gaps in policy, procedures, or standards and recommendations for improvements
-
Perform analysis of third-party vendor due diligence responses to identify gaps, escalate risks as required and make recommendations to improve the process
Program Measurement/Monitoring
- Create measurements of compliance to corporate level policy and procedures (e.g. Access reviews, DLP, PIA)
- Develop and maintain an information security & privacy program scorecard/dashboard that demonstrates our current (real time) posture and opportunities for improvement
- Develop a process to report on the remediation of issues that arise from external assessments or audits
-
Internally assess, evaluate, and bring forward recommendations to management regarding the information security & privacy program controls.
What You Bring To The Team
-
3-6 years in information security & privacy governance
-
Proven experience in the development of policies, procedures & standards
-
Strong knowledge of information security governance frameworks (e.g. CIS, NIST, ISO)
-
General knowledge with security tools and technology (e.g. firewalls, IDS, IPS, encryption, EDR, DLP, NAC, CASB, DKIM, DMARC, email protection)
-
Advanced interpersonal skills and the abilities to interface with all business units in the organization
-
Ability to work effectively and efficiently
- Ability to multi-task in a fast-paced environment
-
General knowledge of security tools and technology
-
General knowledge of systems, network and cloud architectures
-
General knowledge with risk analysis, penetration testing, and vulnerability management
-
Demonstrated ability to create and maintain enterprise level security policy, procedures, etc.
-
Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff.
-
Carries out duties with integrity and takes responsibility for actions
-
Handles critical and sensitive information with the strictest confidentiality and privacy
-
Excellent problem-solving and conflict resolution skills
-
Ability to lead change initiatives and to foster a positive employee relations environment
-
A degree or diploma in a relevant area of study with preference for information security or computer science/engineering
-
Formal IT & security accreditations such as (e.g. ITIL, COBIT)
-
Security certifications in (e.g. CISM, CISA, CISSP)
If this sounds like you and you are looking to be a part of one of Canada’s largest independent mortgage finance companies, then we want to hear from you!
Be A Part Of Something Great
MCAP is Canada’s largest independent Mortgage Finance company with over $150 billion in assets under management providing mortgage solutions for residential and commercial properties. For over 35 years, MCAP originates, trades, securitizes and services mortgages in offices across Canada. MCAP originates residential mortgages exclusively through the mortgage broker channel as we believe that a professional mortgage broker is a consumer's best option and MCAP actively promotes the services of mortgage brokers across the country. MCAP is also a leader in the Canadian residential construction lending market with over 25 years in the business. Our teams of dedicated professionals serve a variety of developer, construction and lender clients across Canada.
Position #: req1822
Employment Status: Permanent Full Time
Location: Waterloo; Ontario
Department: Information Technology
Internal Job Title: Information Security Governance Engineer
Salary Range: $85,000 - $90,000
The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designated to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
MCAP provides equal opportunities for all applicants and is committed to fostering an inclusive, accessible environment, where all employees feel valued, respected and supported throughout the recruitment and employment process. If you require accommodation, we will work with you to meet your needs.