Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.
About Haventree Bank
Headquartered in Toronto Ontario Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the banks mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.
Position Summary:
Reporting to the Director Information Security the Senior Information Security Analyst plays a key role in advancing the Banks security operations and strengthening its ability to detect respond to and mitigate evolving threats. This role combines hands-on technical execution with broader contributions to the Banks security programs and overall risk posture.
Major Duties & Responsibilities:
Monitor investigate and coordinate response to security alerts and incidents across cloud endpoint identity email and network environments
Act as an escalation point for complex investigations analyzing attack patterns scope and potential business impact
Collaborate with MSSP and internal teams to ensure effective detection response and operational alignment
Perform proactive threat hunting to identify suspicious or malicious activity not detected through standard alerting
Develop tune and maintain detection use cases aligned to attacker tactics and frameworks such as MITRE ATT&CK
Support and enhance the effectiveness of security platforms (e.g. SIEM EDR/XDR CNAPP and identity)
Coordinate vulnerability management activities including prioritization remediation tracking and risk reporting
Design and execute comprehensive phishing simulation campaigns to assess organizational security awareness. Analyze campaign results and create detailed reports for management and board presentations.
Manage and deliver security awareness training programs for employees focusing on regulatory compliance social engineering threats and secure handling of financial data. Track completion rates and assess program effectiveness.
Conduct security reviews for systems projects and vendors to ensure alignment with security requirements and regulatory expectations
Expand and mature data protection initiatives including alignment with data classification and DLP controls
Develop and maintain operational metrics reporting and runbooks to improve visibility consistency and response effectiveness
Stay up-to-day on information security trends and industry best practice approaches
Qualifications & Experience:
Degrees Diplomas & Certifications:
Bachelors degree in Computer Science Information Security or a related field
Relevant industry certifications are considered an asset including:
Certified Cloud Security Professional (CCSP) or similar cloud-focused certification
Years and Range of Experience Required to Perform the Job:
5 years of progressive experience in information security security operations threat detection incident response or related cybersecurity roles
Hands-on background investigating security events and incidents across multiple security domains
Proven ability to develop tune and validate detections in SIEM EDR/XDR or related security platforms
Strong working knowledge of cloud and SaaS security including Microsoft 365 and Azure (Sentinel Defender Entra ID); exposure to AWS or GCP is considered an asset
Practical understanding of identity and access management (IAM) concepts including user access reviews privileged access management or identity governance platforms
Demonstrated involvement in vulnerability management programs security assessments and operational security reporting
Familiarity with threat intelligence concepts indicators of compromise (IOCs) and threat landscape monitoring
Proficiency in scripting (e.g. PowerShell KQL Python) for automation detection development or log analysis is considered an asset
Background working with MSSPs managed detection and response providers or external security partners is considered an asset
Exposure to regulated industries (e.g. financial services banking) is considered an asset
While we thank everyone for their interest in Haventree Bank please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation we will work with you to meet your needs.
As a job candidate our recruitment process includes collecting personal information. Please click the link here to review our Privacy Policy.Privacy Statement Haventree Bank
Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are avail...
Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.
About Haventree Bank
Headquartered in Toronto Ontario Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the banks mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.
Position Summary:
Reporting to the Director Information Security the Senior Information Security Analyst plays a key role in advancing the Banks security operations and strengthening its ability to detect respond to and mitigate evolving threats. This role combines hands-on technical execution with broader contributions to the Banks security programs and overall risk posture.
Major Duties & Responsibilities:
Monitor investigate and coordinate response to security alerts and incidents across cloud endpoint identity email and network environments
Act as an escalation point for complex investigations analyzing attack patterns scope and potential business impact
Collaborate with MSSP and internal teams to ensure effective detection response and operational alignment
Perform proactive threat hunting to identify suspicious or malicious activity not detected through standard alerting
Develop tune and maintain detection use cases aligned to attacker tactics and frameworks such as MITRE ATT&CK
Support and enhance the effectiveness of security platforms (e.g. SIEM EDR/XDR CNAPP and identity)
Coordinate vulnerability management activities including prioritization remediation tracking and risk reporting
Design and execute comprehensive phishing simulation campaigns to assess organizational security awareness. Analyze campaign results and create detailed reports for management and board presentations.
Manage and deliver security awareness training programs for employees focusing on regulatory compliance social engineering threats and secure handling of financial data. Track completion rates and assess program effectiveness.
Conduct security reviews for systems projects and vendors to ensure alignment with security requirements and regulatory expectations
Expand and mature data protection initiatives including alignment with data classification and DLP controls
Develop and maintain operational metrics reporting and runbooks to improve visibility consistency and response effectiveness
Stay up-to-day on information security trends and industry best practice approaches
Qualifications & Experience:
Degrees Diplomas & Certifications:
Bachelors degree in Computer Science Information Security or a related field
Relevant industry certifications are considered an asset including:
Certified Cloud Security Professional (CCSP) or similar cloud-focused certification
Years and Range of Experience Required to Perform the Job:
5 years of progressive experience in information security security operations threat detection incident response or related cybersecurity roles
Hands-on background investigating security events and incidents across multiple security domains
Proven ability to develop tune and validate detections in SIEM EDR/XDR or related security platforms
Strong working knowledge of cloud and SaaS security including Microsoft 365 and Azure (Sentinel Defender Entra ID); exposure to AWS or GCP is considered an asset
Practical understanding of identity and access management (IAM) concepts including user access reviews privileged access management or identity governance platforms
Demonstrated involvement in vulnerability management programs security assessments and operational security reporting
Familiarity with threat intelligence concepts indicators of compromise (IOCs) and threat landscape monitoring
Proficiency in scripting (e.g. PowerShell KQL Python) for automation detection development or log analysis is considered an asset
Background working with MSSPs managed detection and response providers or external security partners is considered an asset
Exposure to regulated industries (e.g. financial services banking) is considered an asset
While we thank everyone for their interest in Haventree Bank please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation we will work with you to meet your needs.
As a job candidate our recruitment process includes collecting personal information. Please click the link here to review our Privacy Policy.Privacy Statement Haventree Bank