Senior IT Security Advisor (Application Security) at Goeasy
Mississauga, ON L5B 2N5, Canada
Full Time


Start Date

Immediate

Expiry Date

20 Aug, 25

Salary

0.0

Posted On

21 May, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

OCSP, CIPP, Information Technology, TOGAF, Unix, PMP, Web Application Development, Python, CSSLP, Communication Skills, Computer Science, Apex, JavaScript, R, CISSP, Linux, Engineers, DevOps, Design Documents, Java, GPEN

Industry

Information Technology/IT

Description

Join one of Canada’s fastest-growing companies and be part of something extraordinary – welcome to goeasy! At goeasy, our people and culture are at the heart of everything we do, and we’re proud to be recognized for it. We’ve earned prestigious accolades such as Waterstone Canada’s Most Admired Corporate Cultures, Canada’s Top Growing Companies, and the TSX30, highlighting us as one of the top performers on the TSX. We’re also thrilled to be named a Greater Toronto Top Employer and proudly certified as a Great Place to Work®. These honors reflect our commitment to fostering an inclusive, high-performance culture where talent thrives and innovation drives us forward.
As one of Canada’s leading alternative consumer lenders, we’re passionate about helping everyday Canadians create a brighter future. Our vision is to provide a path to a better tomorrow, today. We offer a full range of products, including non-prime leasing, unsecured and secured loans, and point-of-sale financing through easyhome, easyfinancial, and LendCare.
If you’re seeking an exciting, high-growth environment where your contributions truly matter, we want to hear from you! Join us, and together, let’s create a future of financial empowerment.
As the Senior IT Security Advisor (Application Security), you will lead efforts to identify and mitigate security vulnerabilities within goeasy’s application portfolio. This role requires your deep understanding of application security and risk management, along with your ability to work collaboratively with cross-functional teams to enhance our security posture.

WHAT EXPERIENCE DO YOU HAVE?

  • Solid understanding of web application development, OWASP Top 10, and web application exploitation techniques.
  • Experience with CI/CD pipelines, DevOps, DevSecOps, and secure code development.
  • Ability to perform security tests like vulnerability scans and penetration tests.
  • Reviewing architecture and solution design documentation to identify risks and complete Security Design documents.
  • Leading complex projects and providing security advice to mitigate IT security risks.
  • Effective communication skills to convey ideas clearly to engineers and business teams.
  • Inculcating the Security by Design culture with all IT teams and developing necessary documentation.
  • Bachelor’s degree in computer science, information technology, or cybersecurity, with a preference for a postgraduate degree.
  • Five or more years in any security domain (preferably Application Security/Risk Management).
  • Certifications: CISSP (required), CISLP, CSSLP, CISM, PMP, CRISC, CIPP, SABSA SCF, TOGAF, OCSP, GPEN (preferred).
  • Prior experience as an Information Security Architect is a significant asset.
  • Experience coding in Java, Python, JavaScript, R, Apex, or Go, and familiarity with UNIX, BSD, or Linux.

We offer a Flexible Work Program that provides you the ability to work three days onsite per week, from our Mississauga office.
Internal Applicants: please apply through the link and provide written endorsement from your current manager.

Responsibilities

  • Integrating security pipelines into the development process, implementing the “Shift-left” and “Fail the Build” methodologies.
  • Implementing Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and Penetration Testing (PT) activities.
  • Managing and prioritizing vulnerabilities, collaborating with IT departments to address them based on risk levels.
  • Protecting APIs by leveraging technology to understand and mitigate vulnerabilities, including scanning and alerting on API attacks.
  • Providing advisory services to new and existing projects and inculcating the Security by Design culture.
  • Identifying, assessing, and documenting security risks within projects, supporting the definition of strategies to mitigate them effectively to comply with goeasy’s security standards.
  • Identifying security weaknesses, vulnerabilities, and gaps in the existing technology stack and recommending remediation strategies.
  • Conducting comprehensive security assessments on large, medium, and small initiatives.
  • Advising the business on information security and privacy matters.
  • Evaluating existing security solutions and proposing enhancements to streamline our processes.