Senior Information Security Advisor - Tangerine 218020

Requisition ID: 218020

Tangerine is Canadas leading direct bank. We offer flexible and accessible banking options innovative products and awardwinning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities and that includes our own internal community. Its important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.

The Team

ScotiabanksSecurity Advisory Services team is responsible for providing advisory services to Tangerine Bank and its business lines subsidiaries and affiliates enabling the achievement of the Banks Information Security as it continues to move to the Public Cloud.

The Role

Reporting to the Senior Manager of Security Advisory (Tangerine) the Senior Information Security Advisor provides guidance to business lines to ensure design development and implementation of complex cloud projects and initiatives are in accordance with the Banks Information Security Standards and in compliance with industry regulations. In this senior role you will be supporting various business lines while assisting them in making informed decisions to protect information assets deployed in Public Clouds environments.

Is this role right for you In this role you will:

• You have a strong experience leading complex projects providing security advise to ensure information security risk are mitigated.

• You thrive in solutioning for multiple security domains (Application Security Data Protection Cloud Security Engineering Identity and Access Management Cloud Security Architecture Network Security Risk Management etc. and knowledgeable of Zero Trust Architecture principles.

• You have experience in solutioning security architecture for Public Clouds creating and reviewing security patterns and advising on security risks.

• You are proficient in reviewing architecture and solution design documentation and can identify and assess potential risks.

• You excel in reviewing Technical Design and Security Design documents and creating assessment documents (Threat Risk Assessment) and evaluating risks.

• You are passionate about new technologies and enjoy the challenges of implementing security controls to protect them.

• Working on different types of projects (from large complex to simple) is a part of your DNA.

• You love to collaborate with various business lines IT support functions and IS&C Control functions.

Key Job Accountabilities:

• Providing the following functions to Tangerine/Scotiabanks Cloud Initiatives: Conducting Threat Risk Assessments and performing security advisory work on specific applications and infrastructure associated with Scotiabanks Cloud and other initiatives ensuring that controls are adequate meet Bank standards and enable business objectives.

• Conducting Risk Management activities.

• Provide Quality Assurance on Threat Risk Assessments and Threat Modelling as required for Cloud initiatives.

• Provide strategic guidance and technical expertise on cloud security solutions and recommend best practices.

• Conduct comprehensive security assessments on large highprofile cloud initiatives implemented in GCP and Azure.

• Collaborate with crossfunctional teams to design and implement robust security architectures for various systems applications and networks.

• Evaluate existing security solutions and propose enhancements or new designs to address emerging threats and business requirements.

• Ensure alignment with industry best practices compliance standards and organizational security policies.

• Identify security weaknesses vulnerabilities and gaps in existing systems and recommend remediation strategies.

• Provide support on how to apply the Banks portfolio of standards to the technology footprint of Scotiabanks Cloud offering.

• Provide oversight over the specific line of business security posture ensuring that all tools available to detect and remediate security risks have been applied.

• Conduct industry reviews and benchmarking exercises to ensure our controls are aligned with our peers emerging threats and available mitigation strategies.

• Working directly with technical leads from assigned Lines of Businesses supporting their initiatives from an Information Security perspective.

• Providing relationship management function primarily to the Enterprise Cloud team from an Information Security perspective.

Do you have the skills that will enable you to succeed in this role Wed love to work with you if you have:

• Postsecondary education in Computer Science or in a related field.

• You have at least 5 years of handson technical working experience in performing security assessments on cloud platforms CI/CD deployment pipelines network infrastructure and complex applications. Experience with Risk Assessments of applications migrated into the Cloud Environments.

• You have at least 6 years experience in security solution architecture software development and/or handson experience with implementations of cloud environments security controls and cloudbased solutions.

• You are a strong communicator and capable of creating clear documentation.

• You have solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS Kubernetes and IAM CI/CD pipelines Terraforms infrastructure as a code).

• Experience with GCP and Kubernetes is a strong asset.

• Experience with tools used in securing cloud deployments such as CNAPP CSPM CWPP etc.

• You have cloud security engineering or cloud solution architecture certifications from Google Microsoft or AWS.

• You have used industry leading productivity tools to produce quantitative/qualitative reports data flow diagrams & visual presentations.

• Certifications (CISSP CISM CCSP CRISC) are nice to have.

• Familiar with industry standards and frameworks e.g. NIST 80053 ISO 27001 ISO27002 ISO 27017 ISO27018 PCI DSS CIS.

• You possess advanced communication (verbal/written/presentation) skills in English. Knowledge of Spanish is an asset.

Whats in it for you

• You will be part of a diverse and inclusive team of Clientfocused gogetters looking to learn from each other in an environment that celebrates and recognizes success!

• You will have access to thousands of online and inperson courses so you can shape your career growth with support from diverse industry leaders.

• You will get our help to save for your future and to invest in your total wellbeing through our Tangerine benefits*.

• You belong here and we are equal and uncomplicated. Bring your true self to work dress codes dont apply here.

• You will enjoy workspace flexibility and all the excitement that comes from working at the official Bank of the Toronto Raptors

Working location condition: Hybrid

#LIHybrid

Location(s): Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process please let our Recruitment team know.