Analyst, Information Security

What you’ll do

The Cybersecurity Specialist is a key player responsible for spearheading initiatives to identify, investigate, communicate, resolve, and improve information security governance, risk and compliance in our IT investments. 

You will partner with across the organization, including, Technology, Enterprise Risk Management, Internal Audit, PCI Compliance, Vendor Management and other stakeholders to assess cybersecurity risks for the organization, including 3rd party risk, while helping teams determine mitigation strategies to maintain and/or reduce the residual risk of the organization. Sounds like a lot? Well, there’s more:

• Be the champion in risk assessment of technologies and processes in the environment, including our digital crown jewels and other compliance impacting technologies and processes.

• Connect the dots to improve and enhance risk assessment processes.

• Assess third-party risk on the use of vendors for day-to-day operations.

• Provide oversight, reporting, and metrics on risk functions.

• Anticipate risk and assist owners in building action plans for risk mitigation.

• Review risk assessments of non-senior team members and peers

• Validating operating effectiveness of IT general controls

• Following up on vulnerabilities, configuration and cloud gaps and track remediation

• Maintaining risk and controls repositories and documentation 

• Providing support for policy exception management procedures

• Assisting with metrics and reporting

What you bring

• Bachelors Degree in Computer Science or related discipline and relevant experience in IT/ Information/Cyber Security.

• Excellent communication skills along with admirable documentation and presentation skills.

• Problem solver with the ability to analyze and prioritize to meet business objectives

• Organized individual who is always seeking to automate or improve efficiency of procedures

• Creative thinker who is observant to seek new opportunities and perceptive to abstract ideas

• Goal driven individual to seek out continuous improvement opportunities

• Solid foundation of relevant technical skills

• Understands/Experience in risk assessments including third-party risk

• Have knowledge of security governance frameworks, policies and standards 

• Understands principles of security controls testing

• Audit and/or IT risk management 

• Knowledge of IT risk and control frameworks, COBIT 5, NIST CSF & ISO27001, CIS

• Understand System Development Life Cycle (SDLC) process and agile methodologies

• Familiarity with Data Privacy and Protection standards PCI, PII.

• Basic knowledge of cryptography and encryption algorithms.

• Familiarity with identity management controls including Multi Factor Authentication and Single Sign On.

• Understanding of vulnerability and configuration management procedures. 

• CISSP, CISA and/or CRISC designations (or working towards) would be an asset

Hybrid

We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.

#LI-GT1

About Us

At Canadian Tire Services Limited/Canadian Tire Bank, it is our mandate to continue to create innovative and rewarding financial solutions for our customers. Our growing suite of products and services showcase the dynamic contributions from our employees and our success is driven by a strong vision, loyal customers, and our ability to build teams that reflect the diverse customers and communities in which we live and work. Join us, where there's a place for you here.

Our Commitment to Diversity, Inclusion and Belonging 

We are committed to fostering an environment where belonging thrives, and diversity, inclusion and equity are infused into everything we do. We believe in building an organizational culture where people are consistently treated with dignity while respecting individual religion, nationality, gender, race, age, perceived ability, spoken language, sexual orientation, and identification. We are united in our purpose of being here to help make life in Canada better. .

Accommodations  

We stand firm in our Core Value that inclusion is a must. We welcome and encourage candidates from equity-seeking groups such as people who identify as racialized, Indigenous, 2SLGBTQIA+, women, people with disabilities, and beyond. Should you require any accommodation in applying for this role, or throughout the interview process, please make them known when contacted and we will work with you to help meet your needs.