Information Security Specialist

Job Description:

• Controls Management:
  • Analyze security control requirements, enterprise standards and associated audit commitments
  • Document, publish and socialize service requirements
  • Communicate compliance and risks to stakeholders and senior management
• Risk Management
  • Maintain and execute key risk management processes and provide guidance to supporting network services teams (architecture, engineering, delivery, service management)
  • Track, analyze and report currency, vulnerability/patch and configuration drift compliance risks
  • Conduct compliance criteria assessments (lifecycle milestone date validations, vulnerability risks and exceptions, configuration standards) and socialize with key stakeholders
  • Analyze deployments and configurations; identify and escalate standards non-compliance and/or configuration drift
  • Act as liaison to Enterprise Protect/OCISO, BISO and Enterprise Currency teams
  • Engage risk advisors and governance teams to negotiate exceptions and risk reclassification
  • Minimize operational risk and financial impact associated with currency non-compliance and extended support coverage requirements
• Process and Planning
  • Develop process and implement tooling to track and engage stakeholders to ensure commitment execution (awareness and attestation)
  • Promote and contribute to enhancement of best practice inventory management
  • Archer risk assessments, finding creation and status update
  • Representation for risk related audit reviews, action plan development and plan execution oversight
  • Business Continuity and Crisis Management
• Collaborate and build effective working relationships with colleagues across technology and the business to achieve business and IT objectives
• Prioritize and manage own workload to deliver quality results and meet timelines
• Support a positive work environment that promotes service, quality, innovation, and teamwork and ensure timely communication of issues/ points of interest
• Participate in knowledge transfer within the team and partners
• Continuously enhance knowledge / expertise in own area and keep current with leading-edge technologies trends
• Identify and recommend opportunities to enhance productivity, effectiveness, and operational efficiency of partners unit and/or team

Job Requirements

• University or Post-Graduate Degree
• Experience with Business Continuity and Crisis Management
• Strong academic background (e.g. computer science, engineering).
• 7+ years relevant experience (Audit, security and risk disciplines and practices)
• Advanced Knowledge of Organization, technology controls, security, and risk issues
• Information Security Certification / Accreditation and asset
• Advanced knowledge of the business and technology standards
• Previous experience in Fraud Technology an asset
• Expert knowledge IT service management frameworks, tools, processes, and procedures
• Strong relationship management skills
• Demonstrated ability to assess priorities quickly and adapt as needed
• Infrastructure risk program experience preferred (currency, patch management)
• ServiceNow inventory and process automation experience

• Must be flexible and thrive in an environment of rapid change
• Jira experience an asset