Requisition ID: 232332
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

PURPOSE

Security Assurance team within Security Risk Governance is responsible for reviewing privileged accesses and configurations on a scheduled basis to identify areas where access and configurations have been changed without cause. Demonstrating security operation teams adhere to defined processes and procedures, supporting the achievement of the Bank’s information security objectives. Reviewing operational practices, reporting gaps, and working with the process owners to achieve resolution of any identified deficiencies. Identifying and managing compliance related issues, tracking of IT risks as well as other key performance indicators.

IS THIS ROLE RIGHT FOR YOU?

• You have a passion for security compliance and risk, researching, implementing and maintaining effective security controls.
• You are a self-starter with skills in communication and analytical thinking, who can review large amounts of unstructured data and critically interpret findings.
• You have an interest to review various alerts and risk ratings for critical information and security sensitive or high-risk events.
• You understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• You want to collaborate with the business, along with the technical and operational groups across the Bank to ensure alignment of technical solutions to the business strategy
• The incumbent will conduct reviews of IT application and supporting IT pervasive controls.
• The incumbent will maintain documentation supporting SOX Business Processes and SOX IT Pervasive areas under direction of IS&C management and control owners.
• The incumbent receives general direction from the Senior Manager / Team lead. Day to day tasks are handled independently.
• The incumbent will maintain documentation supporting Business
• Day to day decisions regarding approaches to security and control reviews are handled independently by the incumbent using a high degree of discretion and judgment.
• The incumbent is guided by the Bank’s Information Security Policy and Standards and the requirements of Bank regulators and auditors as well as departmental procedures.

DO YOU HAVE THE SKILLS THAT WILL ENABLE YOU TO SUCCEED IN THIS ROLE? WE’D LOVE TO WORK WITH YOU IF YOU HAVE:

• You have familiarity and experience with several banking applications and infrastructure environment including, but not limited to, firewalls and network security.
• You have working knowledge within key IT controls and risk assessment concepts
• Experience with operational/security risks, threats & potential exposures and potential security breach situations.
• Knowledge of audit practices and methodologies.
• Industry certifications (i.e. CCNA, CISA, CRISC, etc.) would be an asset(s)
• You have strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external customers.
• Expertise in IT key controls and risk assessment concepts.
• Strong verbal and written communication skills, especially report writing ability.
• Nice to Have: One or more industry certifications like CISA, etc. in a related field is preferred with 1-2 years practical experience in information technology
• Nice to Have: Thorough knowledge of the Bank’s application and infrastructure environment.
• Nice to Have: University degree or college diploma in a related field is preferred
• Nice to Have: Familiarity and experience with several Bank’s application, Network and infrastructure environment including, but not limited to IBM mainframe, Windows Active directory, AS400 and DB2
• Nice to Have: Sound knowledge of regulatory requirements.
• Nice to Have: Advanced presentation and communication skills.