Senior Security Specialist

The Senior Security Specialist is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments.

You will partner with across the organization, including, Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management and other stakeholders to assess cybersecurity risks for the organization, including vulnerabilities, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization. Sounds like a lot? Well, there’s more:

• Be the championinrisk assessment of technologies and processes in the environment, including our digital crown jewels and other compliance impacting technologies and processes

• Understand and collaborate with stakeholders for prioritizing and mitigating vulnerabilities identified within the environment through vulnerability assessment, penetration testing, application security testing and/or any other risk assessment activity

• Following up on vulnerabilities, configuration and cloud gaps and track remediation

• Help further mature existing vulnerability management program

• Connect the dots to improve and enhance risk assessment processes

• Assess third-party risk on the use of vendors for day-to-day operations

• Provide oversight, reporting, and metrics on risk functions.

• Anticipate risk and assist owners in building action plans for risk mitigation

• Review risk assessments of non-senior team members and peers

• Validating operating effectiveness of IT general controls

• Maintaining risk and controls repositories and documentation

• Providing support for policy exception management procedures

• Assisting with metrics and reporting

• University degree or college diploma in technology

• Possess one or more professional certifications, such as CISSP, CISM, CISA, CCSP, CRISC etc.

• Overall 5+ years of experience in information technology and/or information/cyber security

• Good knowledge and understanding of risks, audits and processes relating to Information/Cyber Security and IT

• Excellent communication skills

• Good documentation and presentation skills

• Creative thinker who takes initiative

• Problem solver with the ability to analyze and prioritize to meet business objectives

• Collaborative team player with superior influencing skills, who builds relationships easily

• Organized individual who is always seeking to automate or improve efficiency of procedures

• Creative thinker who is observant to seek new opportunities and perceptive to abstract ideas

• Goal driven individual to seek out continuous improvement opportunities

• The ability to take a collaborate approach to build strong relationships and have positive team experiences

• Good knowledge/understanding and experience of vulnerability and configuration management procedures and how those impact an organization

• Good knowledge and understanding about penetration testing and application security testing, including SAST, DAST and SCA

• Some application development experience in professional setting is preferred

• Flexible and dynamic individual who is able to adjust and prioritize accordingly to adapt to business demands and requirements

• Solid foundation of relevant technical skills

• Good scripting skills using Python or similar tools

We’re always looking for great talent! In addition to competitive pay, we offer:

• Comprehensive benefits and retirement programs

• Performance incentives, Continuing Education Programs

• Other perks to support your well-being

• Career growth opportunities and product discounts

Our typical hiring range is between $64,000.00 and $106,000.00 per annum. Salary decisions are also dependent on other factors such as your experience, job-related knowledge, skills and competencies, market location, industry benchmarks, internal equity and other role-specific requirements. We're committed to attracting top talent. For critical roles, the compensation offering will be reviewed to ensure alignment with market rate and conditions and the unique value you bring to the role. #LI-AG2

This posting represents an existing vacancy within our organization.

At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a strong vision, loyal customers, and our ability to build teams that reflect the diverse customers and communities in which we live and work. Join us, where there's a place for you here.

We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better. .

We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.