| Job Description |
For a bank in Toronto - The incumbent is responsible for security operations services that enable the achievement of the Bank’s Information Security objective for the International banking division. Security objectives include integrity, confidentiality/privacy, availability and continuity and the delivery of information security for the Bank group. The incumbent will provide consulting services to assist in the development and support of sound security strategies, ensuring the reliable implementation of consistent and secure control processes to protect the Bank’s information and data resources, by:
a) Developing sound strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect International banking and acquired affiliates’ information and data resources during integration projects.
b) Acting as central point of reference and core competency for Information Security to be used by business lines and associated technology groups before and during mergers and acquisitions engagements. Assisting in the inventory, classification and protection of data resources by providing guidance on a cost effective implementation of Bank’s security policies and standards.
c) Representing Information Security in integration projects teams by leading security initiatives. Drive initiatives and support business functions to assess security risks and to make informed decisions to protect information assets during integration projects. Performing Security Due Diligence Reviews on organizations targeted by the Bank.
d) Providing guidance to design, develop and implement sound risk management controls in accordance with Bank’s standards that assure Bank’s compliance with industry regulations. Keeping abreast and being well versed on financial industry regulations demands in different regions based on practical experience. Managing the infrastructure’s risk scores of acquired organizations and driving initiatives towards remediation.
e) Pursuing security and control process improvements to advance the security compliance.
f) Working closely with Global Information Security Directors to facilitate communication, support and to convey the Bank’s Information Security vision as developed by the Chief Information Security Officer (CISO).
Accountabilities:
1. Develop and implement strategies and tactical plans for remediating identified security lapses in the bank's information processing systems.
2. work with System administrators in in the International Banking Devision to ensure that information security controls are implemented in line with our standards and that the controls are effective.
3. Document high risk areas, and lead reliable and timely projects delivery towards remediation. This may include first line relationship management within Information Security & Controls (IS&C) teams and other technology teams participating in integration projects.
4. Drive the operation of reliable security controls over logical protection, vulnerability management, application security and application change control. Develop sound tactical plans to address high risk areas that may jeopardize the information processing infrastructure availability, confidentiality/privacy, continuity and integrity during integration. Escalate delays in plan when these may compromise customer information protection or deadlines in integration projects.
5. Design, develop and report information security metrics to demonstrate advancement of the information security program implementation and escalate high risk issues accordingly.
6. Develop and Implement management controls to meet the Bank’s operational and administrative requirements, while satisfying local regulator and financial industry demands. Escalate deviation or risk acceptance requests through the VP or CISO for approval.
7. Liaise with internal and external security teams, local and international, and participate in reviews that pertain to compliance with Bank and Regulatory IT security controls and guidelines.
Complexity of Position/Success Criteria:
• Results focused with ability to manage multiple assignments concurrently.
• Adapt quickly to changing priorities.
• Independently manage assignments to completion
• Professional and confident when interacting with peers and those in higher positions both in the Bank and with external outsourcing partners and vendors.
• Keep current with changing and emerging IT and security technologies with a strong “can do” attitude.
|
| Job Requirements |
Must have a solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking environments.
• Must have advanced verbal and written communication skills in English, especially report writing ability..
• Proven ability to meet deadlines for multiple assignments and adapt quickly to changing priorities.
• Working knowledge of common Vulnerabilities and their mitigating controls.
• Working knowledge of Web application Vulnerabilities and their mitigating controls.
• Strong knowledge of UNIX and Windows operating systems with emphasis on security features.
• Sound knowledge of logical access controls for Windows and Unix and AS400 systems
• Sound knowledge of security controls for databases.
• Working knowledge of endpoint security controls
Excellent written and spoken English Communication skills are required, and the ability to confidently present ideas and recommendations at formal presentation and conference calls.
Education:
Minimum of a bachelor degree in information systems or equivalent in relevant discipline is preferred.
• At least 3-5 years of experience in information security is required.
• An information security certification such as CISSP, CEH, GSEC or Security+ will be an added advantage.
|