Assigned to multiple projects, as is the case for all IS Officers in this group, providing security consulting to development teams on information security matters and conducting security assessments of technology changes.
Security assessment for applications throughout the entire bank. There are 12 people on the team, all collaborative team players.
Employee Value Proposition (EVP):
This is a very challenging environment in which to learn, as the team operates on a different model from the other banks. The team is also responsible for security on all technology projects within the bank, so the role offers exposure to many different areas.
1. Consulting and Advisory: Work closely with portfolio personnel, stakeholders, and senior management to identify Information Security related risks and controls.
Understand business, local and Information Security strategies as they relate to the portfolio.
Provide Information Security requirements, advice and counsel to portfolio personnel, project teams and the Business, ensuring alignment with IS processes and solutions.
Lead the security architecture and design of projects and solutions (application, infrastructure, etc.) as required.
Manage/facilitate security due diligence activities throughout the project lifecycle to ensure that security risks are identified and controls are implemented to mitigate risk.
Evaluate and assess emerging security threats and vulnerabilities in the portfolio and work with portfolio personnel to identify appropriate controls.
Provide portfolio personnel with guidance on understanding and responding to security incidents together with the appropriate stakeholders.
Be an advocate for IS solutions and standards.
Act as the Information Security subject matter expert and provide expertise regarding the supported area or portfolio.
2. Governance and Control: Implement an information security risk governance and control framework for the local organization that incorporates a consistent, sustainable methodology for identifying, assessing and documenting information security risk, and that provides early warning of potential failure to meet information security requirements.
Direct and monitor due diligence of information security risk processes and results on an ongoing basis.
Oversee and manage the portfolio of Information Risk Issues (IRI) to ensure these are current, accurate and supported by sound resolution plans.
Complete portfolio-level risk assessments.
Interpret and act on IS reports.
Ensure compliance with standards specific to the local organization, consistent with IS policies and guidelines.
Review and provide recommendations on IS policies, standards, guidelines and processes.
Escalate potential or unresolved security issues to management for resolution as appropriate.
3. Communication and Reporting:
Consolidate, interpret and report key information security risks and trends for the portfolio, and understand the effectiveness of controls in managing the key risks. This includes contributing to centralized reporting efforts and initiating ad hoc analyses and reporting for a variety of stakeholders within the portfolio to ensure that the appropriate parties are aware of security issues.
4. Training and Awareness: Participate in, facilitate and deliver training and awareness to promote Information Security within the assigned portfolio.
Promote centralized training and awareness opportunities to ensure participation from the assigned group.
Spread awareness and knowledge of good Information Security practices among the general and specific (e.g. developer) local populations.
Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
Must Have Skills:
5-6 years in application security in a large enterprise environment
In-depth knowledge of Application Security, Information Security risk and industry best practices (how best to manage risk)
Hands-on experience implementing security in rapid software development methodologies (e.g. Agile) and DevOps automation
Working knowledge of the technical areas supported, e.g. data warehouses, mainframes, networks, etc.
Working knowledge of policies, standards and operating procedures relating to information security risk in large (enterprise-level) organizations
IBM AppScan, HP Fortify
Information Security certification, e.g. CISSP, CSSLP, GIAC, etc. (at least one of the three)
Excellent communication skills
Nice to Have Skills:
Mobile application security or mobile device security
Working knowledge of a bank’s Operating Group businesses (BMO preferred)
Software security (e.g. defensive programming, source code analysis, application penetration testing, threat modelling)
Database security (e.g. secure database configuration)
Network security (e.g. firewall management, network zone policies)
Advanced analytic skills
Strong relationship management skills
Please send resumes to email@example.com
Application Deadline: April 30, 2017
Experience Required: 5+ years
Job Duration: 6 months