Senior Technology Specialist, Information Security

at  Equitable CA

At Equitable, we realize that your work life is not just about performing a job; it’s about being part of a workplace that helps you grow and reach your full potential. Within our friendly and collaborative work environment, we recognize that the key to our growth and success is a dedicated, motivated and client-responsive staff. Join Equitable today.
Position Title: Senior Technology Specialist, Information Security
Reports To: Senior Technology Manager, Information Security
Department: IT Security & BCP
Term: Permanent Full-Time
Work Arrangements: This is a hybrid role. You will work in our office in Waterloo, ON a minimum of two (2) assigned, consecutive days every other week, plus a fifth (5th) assigned day per month. You are welcome to work from the office more than the minimum requirement and there may be some roles that are required to work in our office more than the minimum requirement.
The Opportunity: Reporting to the Manager, Cyber Security Operations, the Senior Security Specialist is a technical security expert promoting secure architecture and design at Equitable. This role improves the security position of Equitable through various activities including but not limited to: performing technical security reviews on Company initiatives, providing leadership to other teams on security related topics and defining system security architecture, strategy and designs.

• Provide subject matter expertise to senior management and technical teams, and support the design, deployment, configuration, and monitoring/evaluation of a secure hybrid environment (on premises and Cloud) in the areas of infrastructure (hardware, software, and networks), secure application development, and secure data management
• Define and communicate security requirements with business and technical teams for new corporate projects and business operations
• Perform security assessments, identify gaps, and provide recommendations to improve overall enterprise security and to ensure compliance with regulatory and security requirements
• Research and propose new solutions (including cost and effort estimates) for Cloud Security, Endpoint Security, Network Security, Perimeter Defense, Identity and Access Management, Vulnerability Management, Secure SDLC (Software Development Life Cycle), and other areas as required
• Perform planning, deployment, testing, and documentation of new security solutions or enhancements to existing security solutions in accordance with security best practices and policies
• Participate in the design and execution of vulnerability assessments, penetration tests, security audits, and Threat Risk Assessments, providing recommendations on risk avoidance, mitigation, and issue resolution
• Implement recommendation actions and apply fixes to address gaps identified by assessments and compliance tools such as Azure/365 compliance centers, Microsoft Defender for Cloud and Rapid7
• Participate in the planning and design of enterprise security architecture and document how the implementation of modern technology impacts the security posture of the current environment
• Identify and prioritize system functions required to promote continuous availability of critical business processes and assist in planning, developing, and testing enterprise Disaster Recovery and Business Continuity Plans
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures)
• Whenever required, manage enterprise security systems including but not limited to firewalls, VPN (Virtual Private Networks), IPS/IDS (Intrusion Detection and Prevention Systems), Key Vaults, PKI (Public Key Infrastructure), EDR (Endpoint Detect and Response) (Endpoint Detection and Response), Antimalware, Vulnerability Scanners, SIEM (Security Information Event Manager), PIM (Privileged Identity Manager), SWG (Secure Web Gateway)
• Whenever required, participate in investigations and troubleshooting security related issues
• Perform other duties as required