Specialist , Cybersecurity Assurance - 33260

Job Description

Description

• Leads the execution of cyber assurance activities including but not limited to penetration tests, application security testing, tabletop exercises. 
• Collaborates with Strategic Procurement for the sourcing exercise and on-boarding of the third-parties for the execution of cyber assurance activities.
• Collaborate with different internal stakeholders (such as Advisory, DevOps, Architecture, Project team) to prepare and execute cyber assurance activities. 
• Review, interpret and recommend remediations based on cybersecurity testing reports (such as SAST, DAST and penetration test).
• Validates the results of cyber assurance activities with the internal and external stakeholders. 
• Leads the execution of third-party cyber risk assessments (pre and post contacting, and ongoing monitoring) to ensure compliance with internal information security policies and procedures, as well as external requirements.
• Ensures that cybersecurity clauses are embedded in the agreements with third parties.
• Manage cybersecurity risks, vulnerabilities, and defects from identification to remediation.
• Performs risk assessments, documents them and support the implementation of mitigating controls consistent with company strategy.
• Generate reports to demonstrate cyber assurance metrics and KPI.
• Identify Cyber risks, communicate and develop “best practice” solutions, and recommend mitigating controls consistent with company strategy.
• Introduce new processes, initiatives to improve cyber assurance practice. 
• Represent the organization and take an active participation on different IT business or security airline specific forums.
• Supporting the leadership team on strategic initiatives specific to the respective portfolio.

Qualifications

• A relevant University degree/technical certification, and/or relevant experience commensurate to the role
• 6-8 years of IT technology, operations, and people leadership experience in a large company, with a minimum of 4 years of experience in a cyber security and/or risk & compliance role.
• Extensive application security, SDLC and integration understanding.
• Thorough understanding of Application Security Testing, Penetration Test, Tabletop Exercises.
• Current information security certification (CISSP, CISM or equivalent) is an asset.
• Strong knowledge and understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as SOX, PCI DSS, ISO, CoBIT, NIST, PIPEDA, GDPR.
• Exceptional analytical, organizational and communication skills.
• Self-motivated and independent worker.
• Possess investigative nature and be self-motivated.
• Results oriented with proactive and methodical approach to problem solving.
• Able to multi-task and work under pressure against tight deadlines and changing priorities.
• Must be a team player with ability to work closely with diverse groups and working styles.
• Ability to establish and maintain effective business relationships.
• Flexibility and willingness to work extended hours, when required.

• Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.