REQ-1089 Leader, Threat and Vulnerability Management (Open)
City : Toronto
Category : Full time
Industry : Financial Services
Employer : Interac
Leader, Threat & Vulnerability Management
At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.
Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical virtuosos, and high-performance application developers? We want to hear from you.
The Leader, Threat & Vulnerability Management will be lead the Security Operations Centre and serve as a technical expert in the performance of penetration testing / vulnerability assessments both internally and client-facing. They will also be responsible for the implementation of the Vulnerability Management Program.
You’ll be responsible for:
Maintaining situational awareness of cyber threats across the organization and driving the appropriate or commensurate response activities, where necessary.
Understanding and connecting threats to the risks of the organization to provide appropriate capabilities and services.
Interfacing between the CISO's strategic and process-based activities and the work of business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, scale, and resilience.
Representing the CISO during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined.
Working with the CISO to develop a security program and security projects that address identified risks and business security requirements.
Managing the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
Supporting the CISO to develop budget projections based on short and long-term goals and objectives.
Leading and coaching a team of Information Security professionals that provides expert analysis of security events, technical analysis of malicious activity, and recommendation of remedial actions. Innovating on reporting methods and delivering actionable intelligence (threat and vulnerability issues) clearly and concisely to peers, stakeholders, and senior leadership as needed.
Collaborating with various stakeholders to:
- identify information asset owners to classify data and systems as part of a control framework implementation.
- ensure performance of vulnerability releases, scanning and remediation procedures, and testing of services / applications in development or current.
Leading the Vulnerability Management processes to:
- Develop and maintain vulnerability management & security posture reporting mechanisms and metrics.
- Feed key metrics on proactive security into the Security Risk Management Process.
- Ensure quality and timeliness of all vulnerability management notification processes.
- Leading the Vulnerability Management operational review meetings.
Assisting and participating in the management of the Incident Management processes to ensure timely resolution of incidents.
Maintaining awareness of evolving threats, trends, exploit techniques, and technologies.
A minimum of 5 years of practical experience within the last 7 years, directly related to the functions of this role.
Knowledge and experience in Proactive Security: Vulnerability Management, Threat Intelligence, Application Security Toolsets and Techniques.
Certification in Penetration Testing or similar certification is an asset (OSCP).
A Government of Canada Security Clearance (Level I) or the eligibility to obtain one.
Eligibility to work for Interac Corp. in Canada in a full-time capacity.
Proven ability to facilitate collaborative troubleshooting across multiple business units.
The ability to build consensus, negotiate and influence within the IT organization and business management to align priorities and plans with key business objectives.
Previous experience translating customer requirements into detailed development specifications.
Excellent verbal and written communication skills including documentation skills, and the ability to present critical/sensitive information in a concise and clear manner.
A results-focused mindset to coordinate and manage several priorities and initiatives concurrently.
Ability to solve a range of complex problems in a creative way, exercising judgement based on the analysis of multiple sources of information.
In-depth knowledge and understanding of information risk concepts and principles, industry best practices as a means of relating business needs to security controls.
Experience developing and maintaining policies, procedures, standards, and guidelines.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 27000, the IT Infrastructure Library (ITIL) and National Institute of Standards and Technology (NIST).
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals, Cloud, DevSecOps, and network technologies and protocols.
Experience in application technology security testing (white box, black box and code review) and system technology security testing (vulnerability scanning and penetration testing).
Interac requires employees to complete a background check that is completed by one of our service providers. We use this service to complete the following checks:
- 5-year employment verification;
- Canadian criminal record check;
- Education verification;
- Canadian ID cross-check;
- Public safety verification; and
- Credit inquiry
How we work
We know that exceptional people have great ideas and are passionate about their work. Our culture encourages excellence and actively rewards contributions with:
Connection: You’re surrounded by talented people every day who are driven by their passion of a common goal.
Core Values: They define us. Living them helps us be the best at what we do.
Compensation & Benefits: Pay is driven by individual and corporate performance and we provide a multitude of benefits and perks.
Education: To ensure you are the best at what you do we invest in you