
Lead Information Security Specialist

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor’s degree in information technology, Cybersecurity, or a related field.
  • 8+ years of experience in information security, focusing on governance, risk, architecture, consulting, and compliance.
  • Comprehensive knowledge of information security frameworks and standards such as ISO 27001 and NIST CSF.
  • Certifications like CISSP, CISM, CRISC, or CISA are highly desirable.

Key responsibilities:

  • Develop, update, and review information security policies and standards based on industry frameworks and regulatory requirements.
  • Lead stakeholder engagement and ensure feedback is incorporated into security governance processes.
  • Prepare assurance reports for senior management and manage assurance activities including issue tracking and metrics collection.
  • Collaborate with other departments to integrate security controls into existing processes and systems.

Co-operators
5001 - 10000 Employees

Job description

Department: Information Technology
Employment Type: Regular Full-Time
Work Model: Remote 
Language: English is required, French is an asset 

 

The Opportunity:

We are a leading Canadian financial services co-operative committed to being a catalyst for a sustainable and resilient society, and our team is essential to deliver on this strategy. That’s why we prioritize our people, to ensure we provide a strong culture and development opportunities that enable our team to thrive and to live our purpose. The best part is that you will work with people that care passionately about you, our clients, and our communities.

Our Information Technology team aspires to be a leader in applying technology to power business strategies. We connect concepts with solutions to create value and efficiencies for our clients, employees, and communities. Our success is driven by our skilled and diverse team who are passionate about excellence, innovation, and agility.

The Lead Information Security Specialist is responsible for program/project/product/service development, quality assurance, and effective and efficient delivery of Security Governance program elements in the areas of policy advisory, assurance, training, awareness, with a heavy concentration on metrics & reporting.

 

How you will create impact:
  • Develop, update, and review information security policies, standards, and guidelines based on industry frameworks, best practices, and regulatory requirements, including:
  • Develop, communicate, and maintain annual governance update and review schedule.
  • Lead and coordinate stakeholder engagement and review, ensuring feedback is collected and incorporated as appropriate.
  • Keep abreast of emerging threats and trends to maintain effective and relevant policies.
  • Engage with external stakeholders, including regulatory bodies, to ensure adherence and foster partnerships.
  • Maintain the organisation's information security controls library.
  • Monitor controls design and operating effectiveness with business requirements, regulations, and industry standards (e.g., OSFI, ICFR, NIST CSF).
  • Collaborate with other departments to include controls in existing processes and systems.
  • Prepare assurance reports for senior management and stakeholders.
  • Manage and coordinate assurance activities including issue and remediation tracking, coordinating testing engagements and collecting metrics to support Secure-SDLC compliance.

 

How you will succeed:
  • You have an innovative mindset to improve operational efficiencies and ability to influence change, with a primary focus on client needs.  
  • You use critical thinking skills to recognize assumptions, evaluate arguments, draw conclusions and proactively propose solutions.
  • You have strong communication skills to clearly convey messages and explore diverse points of view. 
  • You build trusting relationships and provide guidance to support the development of colleagues.

 

To join our team:
  • Bachelor’s degree in information technology, Cybersecurity, or a related field.
  • 8+ years of experience in information security, specifically in governance, risk, architecture, consulting, and compliance.
  • Comprehensive knowledge of information security frameworks and standards (e.g., ISO 27001, NIST CSF, COBIT, PCI DSS, CIS).
  • Highly desirable certifications include CISSP, CISM, CRISC, CISA.
  • Experience in developing and documenting information security policies, standards, and operating security assurance programs in medium to large organisations.
  • Proven ability to drive adherence with standards and controls.
  • Expertise in risk assessment and management methodologies.
  • Experience with coordinating penetration testing and application secure coding practices.
  • Effective communication skills, suitable for conveying complex information to both technical and non-technical audiences.
  • Working knowledge of testing approaches and methodologies for controls as well as experience with reporting results and tracking.
  • Excellent analytical and problem-solving skills.
  • Ability to work well within a collaborative environment.
  • Strong project management skills with the capability to manage multiple priorities.

 

What you need to know:
  • This role involves direct contact with clients and/or service providers in their environment. 
  • Detail-oriented work that requires a moderate degree of mental concentration for extended periods of time.
  • Extended work hours, including evenings and weekends, may be required.
  • You will be subject to a background check as a condition of employment, in the event you are the successful candidate.

 

What’s in it for you?
  • Training and development opportunities to grow your career.
  • Flexible work options and paid time off to support your personal and family needs.
  • A holistic approach to your well-being, with physical and mental health programs and a supportive workplace culture.
  • Paid volunteer days to give back to your community.
  • In addition to our competitive salary and incentive programs, eligible employees also benefit from a comprehensive total rewards package including group retirement savings plans, pension and benefits (e.g., health and wellness, dental, disability and life coverage), mental health support and an employee assistance program. Please contact our recruitment team for more information.

Required profile


Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Problem Solving
