Purpose of Role:

Key Accountabilities:

• Manages the team in planning and designing secure cybersecurity architectures and solutions, including developing plans and specifications for new systems or modifications to existing ones and developing and implementing new security mechanisms to ensure cybersecurity strategies that are aligned with the business goals and regulatory requirements and that bring value and security to the Bank for the prevention of cyberattacks.
• Manages the deployment, administration and optimization of cybersecurity tools and platforms, including email security tools; log collection and monitoring tools; endpoint security tools; network security tools and data loss prevention tools  to ensure that the Bank’s security controls are effective and meet or exceed international standards, maintain regulatory obligations and ensure the reputation of the Bank remains intact, while mitigating risk and preventing attacks.
• Collaborates with stakeholders (cross-functional teams within Technology and other areas of the Bank) to integrate security testing, quality checks, and other process steps earlier in the software development lifecycle, project delivery and Technology operations to ensure overall effective cybersecurity management, alignment with the Bank’s goals, reduce cyber security risk and ensure adherence to project timelines and budgets.
• Reviews & evaluates  emerging technologies, security trends, and threats by conducting Proof of Concept exercises and similar ventures, identifying and to recommending effective technical security controls and tooling to ensure the Bank’s security posture remains relevant in the face of the changing threat landscape and the assist with the mitigation of risk to the technical assets and customer or confidential information.
• Maintains compliance with industry standards and regulations (e.g., NIST, ISO 27001, GDPR, HIPAA), ensuring all necessary configurations and guidance are implemented in the relevant controls and tools. To ensure compliance with applicable regulatory, data protection and industry requirements to safeguard the Bank’s client, proprietary and confidential data.
• Develops & supports  a sound internal control environment by reviewing and updating applicable cybersecurity policies, standards, and procedures to ensure compliance with applicable standards to maintain the adequate internal control over the security environment of the Bank.
• Reports security risks and gaps to stakeholders, including the security posture of the Bank, control effectiveness and risk metrics on a regular cadence  to ensure the visibility of the security posture and risks to stakeholders so that they can make informed decisions in the process of driving the business goals.

Experience & Skills Required:

• At least three years’ experience in information security or IT
• At least three years’ experience in another IT function, especially IT audit.
• At least two years’ experience with regulatory compliance and information security management frameworks, e.g., IS027000, COBIT, National Institute of Science and Technology (NIST), etc.
• Practical experience with security incident management tools
• Proven experience with cloud security (AWS, Azure, GCP), secure network architecture, and endpoint protection.
• Hands-on experience with security operations tools (SIEM, firewalls, endpoint protection).
• Understanding of information security incident response practices, computer forensics, threat intelligence, and current cybersecurity threats to the financial services sector.
• Current understanding of IT security best practices.
• An understanding of the expectations of the Office of the Superintendent of Financial Institutions (OSFI) with respect to subsidiaries of Canadian banks.
• Experience managing compliance and regulatory requirements.
• Experience in risk assessment and mitigation.
• Proficiency in scripting languages (e.g. PowerShell) is a plus.

Qualification Required:

• Undergraduate or post graduate degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• At least one of the following or related professional certifications:
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Certified Forensic Examiner (GCFE)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• AWS/Azure Security Certification

JOB SNAPSHOT                                                                                                                                                              

Position reports to:  Director, Operations, Client Care & Sales Centre
Function: Operations
Management Category: Operations

Expiry Date: 1-7-2025