Business Information Security Officer

As our IT Security Analyst, this role requires a motivated self-starter with strong analytical and problem-solving skills, a deep understanding of risk and compliance management principles, excellent communication and report-writing abilities, and knowledge of industry-specific regulations, standards, and frameworks. You should be passionate about security and committed to due diligence. Responsibilities include but are not limited to:

• Identify, analyze, remediate, and report on vulnerabilities across Equifax Canada infrastructure.
• Conduct penetration tests and coordinate remediation plans with teams.
• Assess and validate security controls, suggesting appropriate compensating controls for vulnerabilities and gaps.
• Engage stakeholders to drive remediation of application and infrastructure vulnerabilities.
• Proactively identify and address defects to protect systems, networks, and data from cyber-attacks.
• Assist in tracking and improving security posture and incident response engagements.
• Support asset management and compliance reporting for the overall infrastructure.
• Create and maintain vulnerability and asset health metrics, dashboards, and reports.
• Collaborate with internal and external audit teams for information gathering and reporting.
• Support evidence collection for security compliance frameworks such as NIST, PCI-DSS, ISO 27001, and SOC assessments.

• Minimum 5+ years in security with at least 2+ years of hands-on experience in vulnerability management and application security.
• Strong understanding of technical security controls, secure coding standards, and experience with cloud platforms like GCP and AWS.
• Knowledge of PKI, encryption standards, microservices architectures, and Kubernetes security.
• Ability to advise the Information Security Officer on risk posture related to the environment.
• Experience with reporting tools like ServiceNow, including workflow and dashboard creation.
• Experience with enterprise vulnerability management tools, SAST, and DAST.
• Excellent communication skills for technical teams and management.
• Exposure to audits such as PCI, SOC, ISO 27001.
• Familiarity with security frameworks like NIST, COBIT, ITIL, ISO.
• Proactive, detail-oriented, and capable of working independently and efficiently.
• Ability to adapt approaches based on team needs to support business value.

What could set you apart

• Passion for Cybersecurity.
• Bilingual in French (asset).
• Experience in cybersecurity and vulnerability management in large organizations.

Primary Location: CAN-Toronto-5700 Yonge

Function: Security Governance and Compliance

Schedule: Full-time

Leading AI/ML Fraud Protection used by over 9,000 companies globally, helping to reduce chargebacks, manual reviews, and enabling more orders.