Toronto, Hybrid – on-site 2 days a week
Duration: 8 months
Position Purpose:
This position is part of the Application Security Assessments team within Global Cyber Security. The team supports the enterprise by providing security expertise (e.g. application and infrastructure security assessments, code review, third-party report reviews) to ensure security hygiene. Reporting to the Sr Manager, Onboarding & Relationship Management, this role is the first point of contact for all assessment requests and handles security-related questions.
Key Accountabilities:
- First point of contact for internal partners; regularly monitor all incoming service request channels (e.g. Jira Service Desk, Outlook mailboxes).
- Perform an initial review of security assessment requests submitted to the team, reviewing the details of the engagement and validating the accuracy of the responses.
- Liaise with 3rd party vendors, enterprise application teams and other stakeholders to plan and schedule security assessments to meet enterprise and regulatory compliance requirements.
- Develop and monitor program schedules and identify major milestones for successful completion of security assessment engagements. This includes kicking off the scheduling process, coordinating with external and internal teams to keep schedules up to date, and providing countermeasures before issues or delays arise.
- Provide direction and guidance related to security assessment activities and ensure all requests are responded to in a timely manner. This includes requests and queries around policies, standards and practices, the application/infrastructure security assessment process, Issues Management and general security-related inquiries.
- Maintain program and engagement documentation and processes (e.g. process documents, team’s connect page).
- Generate reports and ad hoc reports for management and executive audiences (e.g. engagement metrics, audit requests).
- Assist Sr Manager with vendor management.
Knowledge & Experience:
- Progressive experience in large IT organizations, running operational services, PMO or multi-project implementations.
- Ability to multitask and handle multiple incoming requests in a timely manner.
- Excellent verbal and written communication skills.
- Familiarity with IT development and information security concepts.
- General knowledge of project management and development methodologies, including the SDLC and secure development.
- Ability to work under pressure in an area where priorities change frequently.
- Self-motivated, with the ability to work under little supervision.
Nice-to-have:
- Undergraduate degree in Communications, Management or related discipline.
- Proficient knowledge of IT policies, standards and practices.
- General knowledge of industry standards and practices (e.g. ISO 27001, ISF Standard of Good Practice, CISSP Common Body of Knowledge).
- General knowledge of IT concepts and terminology, including knowledge of IT Risk concepts, compliance and privacy regulations.
- General knowledge of systems (e.g. Jira, Connect).