Cyber Security Consultant

Full Time
  • Full Time
  • Toronto

Davies - Consulting Division


Position Title: Cyber Security Consultant/ Information and Security Control Risk Consultant

Location: Toronto (Downtown)

Contract duration: 12 months with possibility of FTE conversion

The primary function of an Information and Security Control Risk Manager is to monitor, analyze, and report on cybersecurity requirements against relevant regulations and standards, such as NYDFS, FFIEC, and NIST CSF, while taking a risk-based approach. The IS&C manager will be able to understand complex security challenges, identify vulnerabilities, and propose effective solutions.

Prior experience in regulatory examinations and compliance work such as maintaining control library, updating cybersecurity risk register and performing risk assessment, gap analysis, and audit/exam responses.

Some additional responsibilities include:


  • Dedicated and detail-oriented cybersecurity professional with a strong background in regulatory compliance.
  • Continuously monitor and assess the effectiveness of security controls and processes.
  • Technical skills such as network security, application security, encryption, vulnerability assessment, and incident response.
  • Solid understanding of information security principles and practices, including threat and vulnerability management, incident response, and security operations.
  • Knowledge of information security principles and practices, network protocols, and operating systems.
  • Knowledge of information security risk management frameworks, compliance practices, key risk indicators and metrics.
  • Strong analytical and problem-solving skills, with the ability to work well under pressure and manage multiple priorities.
  • Excellent communication, presentation, written, and collaboration skills, with the ability to work effectively in a team environment.
  • Perform the information security compliance tasks such as ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Perform control assessments against enterprise cybersecurity frameworks and Scotiabank’s standards.
  • Track, manage, and report on any internal or external cybersecurity-related issues.


Qualifications:

Bachelor’s degree in a technical field such as computer science, computer engineering and related field required 3-5 years’ experience required.


Must Have Skills/Requirements:


1. 3-5 years of experience in related cybersecurity technical background and exposure to cloud technologies.


2. Experience on security governance, policies, cybersecurity frameworks, security standards, and regulatory compliance – 2+ years, 1 recent project



3. An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, and networking environments (asset), proven through recent experience in last 2+ project


4. Information security related certification (such as Security+, CISA, CISM, CEH, CISSP)

Nice to have Skills:


– Recent relevant Financial Industry Experience

– Proficiency in MS Office (extended knowledge of MS Excel and PowerPoint are preferred)


Soft Skills:

– Excellent communications and written skills.

– Comfortable putting together and presenting risk reporting to a US IS&C management.

– Candidate must be a team player and may be required to assist other team members in other security and IT risk tasks, as needed.

– Ability to manage assigned tasks and expectations without direct instruction or oversight.


– Fast, adaptable learner who can hit the ground running.

– Ability to work well under pressure while demonstrating strong professionalism.

– Willingness to learn new technologies and security-related information

Education : -Bachelors degree in related Cyber/ IT field

Source

To apply, please visit the following URL: