Senior IT Security Advisor (Application Security)

Join one of Canada’s fastest-growing companies and be part of something extraordinary – welcome togoeasy! Atgoeasy, our people and culture are at the heart of everything we do, and we’re proud to be recognized for it. We’ve earned prestigious accolades such asWaterstone Canada’s Most Admired Corporate Cultures,Canada’s Top Growing Companies, and theTSX30, highlighting us as one ofthe top performers on the TSX. We’re also thrilled to be named aGreater Toronto Top Employerand proudly certified as aGreat Place to Work.These honors reflect our commitment to fostering an inclusive, high-performance culture where talent thrives and innovation drives us forward.

As one of Canada’s leading alternative consumer lenders, we’re passionate about helping everyday Canadians create a brighter future. Our vision is to provide a path to a better tomorrow, today. We offer a full range of products, including non-prime leasing, unsecured and secured loans, and point-of-sale financing througheasyhome,easyfinancial, andLendCare.

If you're seeking an exciting, high-growth environment where your contributions truly matter, we want to hear from you! Join us, and together, let's create a future of financial empowerment.

As the Senior IT Security Advisor (Application Security), you will lead efforts to identify and mitigate security vulnerabilities within goeasy’s application portfolio. This role requires your deep understanding of application security and risk management, along with your ability to work collaboratively with cross-functional teams to enhance our security posture.

What will you be doing?

• Integrating security pipelinesinto the development process, implementing the “Shift-left” and “Fail the Build” methodologies.
• Implementing Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), and Penetration Testing (PT) activities.
• Managing and prioritizing vulnerabilities, collaborating with IT departments to address them based on risk levels.
• Protecting APIsby leveraging technology to understand and mitigate vulnerabilities, including scanning and alerting on API attacks.
• Providing advisory servicesto new and existing projects and inculcating the Security by Design culture.
• Identifying, assessing, and documenting security riskswithin projects, supporting the definition of strategies to mitigate them effectively to comply with goeasy’s security standards.
• Identifying security weaknesses, vulnerabilities, and gapsin the existing technology stack and recommending remediation strategies.
• Conducting comprehensive security assessmentson large, medium, and small initiatives.
• Advising the businesson information security and privacy matters.
• Evaluating existing security solutionsand proposing enhancements to streamline our processes.

What experience do you have?

• Solid understanding of web application development, OWASP Top 10, and web application exploitation techniques.
• Experience with CICD pipelines, DevOps, DevSecOps, and secure code development.
• Ability to perform security tests like vulnerability scans and penetration tests.
• Reviewing architecture and solution design documentation to identify risks and complete Security Design documents.
• Leading complex projects and providing security advice to mitigate IT security risks.
• Effective communication skills to convey ideas clearly to engineers and business teams.
• Inculcating the Security by Design culture with all IT teams and developing necessary documentation.
• Bachelor’s degree in computer science, information technology, or cybersecurity, with a preference for a postgraduate degree.
• Five or more years in any security domain (preferably Application Security/Risk Management).
• Certifications: CISSP (required), CISLP, CSSLP, CISM, PMP, CRISC, CIPP, SABSA SCF, TOGAF, OCSP, GPEN (preferred).
• Prior experience as an Information Security Architect is a significant asset.
• Experience coding in Java, Python, JavaScript, R, Apex, or Go, and familiarity with UNIX, BSD, or Linux.

We offer a Flexible Work Program that provides you the ability towork three days onsite per week, from our Mississauga office.

Internal Applicants:please apply through the link and provide written endorsement from your current manager.

Why should you work for goeasy?

In keeping with our mission to create better tomorrows for our employees, each year goeasy commits to continuously enhancing its total rewards. Here are some of the perks we offer…

Financial Benefits:

• Leverage our RRSP match and Employee Share Purchase Plan programs.
• Annual bonus that rewards your hard work and dedication.
• Employee discounts on furniture, electronics, and appliances.
• MAT & PAT leave top-up.
• Expand your financial knowledge through engaging Financial Literacy Learning opportunities.

Health and Lifestyle:

• Enjoy company-paid volunteer days to give back to the community.
• Access 24/7 healthcare with Virtual Doctor Appointments.
• Personalize your benefits with a flexible modular benefits package.
• Stay fit and energized with exclusive access to our on-site private gym at our head office.

Employee Perks:

• Fuel your growth with the Tuition Assistance Program.
• Double the impact of your generosity with Company Matched Charitable Donations.
• Internal development training programs and platforms including job-specific training, career coaching, leadership excellence, mentorship, and many others.
• Enjoy a state-of-the-art office space with perks like a games room, a healthy snack program, a fitness studio, free gated parking, and more!

Diversity, Inclusion, and Equal Opportunity Employment:
At goeasy, we believe that we can only be the best when people are able to bring their best selves to work every day. This means that we are committed to cultivating and preserving a work culture where we celebrate who we are, where everyone feels seen and heard and where every employee can fulfill their potential. As an equal opportunity employer, we are committed to providing accommodations for applicants upon request at any stage of the recruitment process in accordance with all legislative requirements throughout Canada. Please let us know if you require an accommodation during any aspect of the recruitment process and we will work with you to address your needs.

Additional Information:
All candidates considered for hire must successfully pass a criminal background check, credit check, and validation of their work experience to qualify for hire. We thank all interested applicants, however we will only be contacting those for interview who possess the skills and qualifications outlined above.