Senior Information Security Specialist

What you’ll do

The Senior Information Security Specialist is responsible for ensuring that enterprise data is secured and the delivery services in the areas related to data discovery, encryption, certificate and key management, data loss prevention and data loss protections (DLP) infrastructure support. The Senior Information Security Specialist will focus the team on securing enterprise data by ensuring that strong practices and procedures are in place, and that the right tools are utilized in the correct capacity for the job. They will work with Security Architecture, IT and business partners to execute on the roadmap and strategy for Data Protection as well as oversee the continuous improvement of data security capabilities. This role will involve an on-call component.

The ideal candidate is a life-long learner who enjoys continuous learning of new data loss threats, trends, and application of this knowledge to tools and processes. The candidate will work with the Data Protection team to ensure stakeholder alignment with protecting sensitive data across different technologies to prevent data loss at Canadian Tire.

The Senior Security Specialist will assist in providing Cryptographic and Data Loss Prevention services to our business partners. The successful candidate will provide leadership and be responsible for working with other Technology Teams, Audit, Compliance, Legal, PCI Compliance and Vendor Management teams to provide data protection capabilities to the organization.

• Responsible configuring, maintaining, and enhancing solutions around PKI and Certificate Management processes and operations

• Responsible configuring, maintaining, and enhancing Data-at-Rest Encryption solutions

• Acts as Administrator for all cryptographic key activities

• Participates in Cryptographic reviews with businesses

• Develop and produce regular reporting and metrics in relation to Certificate and Key Management

• Development and maintenance of KPIs, KRIs, and SLAs

• Responsible for configuring, maintaining, and enhancing the Data Loss Protection (DLP) platform

• Manage creation and documentation of cryptography processes

• Provide technical support on all aspects of DLP technologies

• Proactive monitoring and maintenance of the DLP platform

• Daily operations relating to DLP such as Incident Triage, Discovery Scanning and Escalations

• Hands-on experience on Data Protection tools and technologies such as CASB, Data Classification tools etc.

• Provide support and further information to aid in investigation of DLP incidents where required

• Act as an expert in cyber security incident resolution and analysis

• Participate in projects and work with the Project team to support ongoing activities and project deliverables

• Assist team colleagues and be a point of contact for queries on aspects of cryptography, data protection tools, technology, and process

• Investigate and respond to critical end-point security incidents

• Assist in the coordination and completion of information security operations documentation

• Develop security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained

• Propose corrective measures to ensure compliance with stated security standards

• Maintain security by monitoring and ensuring compliance to standards, policies, and procedures

• Analyze data trends to make informed decisions based on risks identified

• Implement cybersecurity and privacy principles in alignment with organizational requirements

• Collaborate with stakeholders, gaining a comprehensive understanding of their expectations, ensuring data is stored and protected appropriately

What you bring

• Minimum of 5 years' experience in Information Security

• Bachelor’s degree from an accredited college or university or equivalent experience

• Key Management Life Cycle - Key Generation, Storage, Distribution, Backup, Rotation, Revocation, Destruction etc.

• Hands on experience and knowledge of TLS, PKI, HSMs, KMIP, and Digital Certificate Management

• Knowledge of, or hands-on experience with security technologies similar to Data Loss Prevention (DLP)

• Must have at least one, preferably more of the following Security certification GIAC, CISSP, CISM, CISA, CEH

• Some Experience with Multiple Technologies Including: DLP Tools, MS Defender, CASB Solutions & MDM Solutions            

• Some Windows/Linux administrator experience

• Experience and knowledge of cloud security infrastructure

• Knowledge of financial institutions laws and regulations

• Understanding data lineage and classification to make informed decisions based on scope and potential risks

• Knowledge of Payment Card Industry (PCI) data security standards.

• Knowledge of network management and networking tools (e.g. Nslookup, Ping, and Traceroute) would be an asset to the role

• Knowledge of PIPEDA and GDPR would be an asset.

• Understanding risk management processes, including methods for assessing and mitigating risk

• Understanding of threat analysis is for formulating effective strategies to protect data, creating response plans for incidents like data leak

• Excellent communicator including demonstrated presentation and negotiation skills

• Demonstrated ability to understand business requirements and design and deploy technical solutions to meet business objectives

• Proven you are detail-oriented, organized, methodical, and Figure it Out skills with an analytical

Hybrid

We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.

About Us

Canadian Tire Corporation, Limited (“CTC”) is one of Canada’s most admired and trusted companies. With more than 90 Owned Brands, 1,700 retail locations, financial services, exemplary e-commerce capabilities, and exciting market-leading merchandising strategies. We dream big and work as one to innovate with purpose for our customers at every level of our business, investing in new technologies and products, and doubling down on top talent to drive the company forward. We offer competitive salaries and wages to CTC employees, as well as store discounts, supported learning through our Triangle Learning Academy, Canadian Tire Profit Sharing, and retirement and savings programs for eligible employees. As part of our enhanced flex benefits program, we offer mental health benefits in the amount of $5,000 per year for benefits-eligible employees and their families, including total well-being, and mental health tools and resources for all employees. Join us in helping to make life in Canada better through living and working our Core Values: we are innovators and entrepreneurs at our core, outcomes drive us, inclusion is a must, we are stronger together and we take personal responsibility. It is an especially exciting time to join CTC and its family of companies where career opportunities are wide-ranging! Join us, where there's a place for you here.

Our Commitment to Diversity, Inclusion and Belonging 

We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better.

Accommodations  

We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.