Reports To: Team Lead, IT Risk & Security

Duration: 12-month contract

Effective: ASAP

About Us

REALTOR.ca is a cornerstone of Canada’s real estate market, dedicated to helping millions of Canadians find attainable housing across the country. As the leading real estate platform in Canada, we offer the most comprehensive listings and resources to assist consumers in finding their dream homes. At REALTOR.ca, we are committed to supporting REALTOR® members’ businesses and fostering consumer trust and loyalty. Our dedication to delivering value and continuously adapting to market demands ensures that REALTOR.ca is more than just a listing service- it is the heart of the Canadian real estate experience. Join us and be a part of a team that is at the forefront of the real estate industry, making a significant impact on the lives of Canadians every day.

Position Overview

The IT Risk and Security Operations Specialist is responsible for detecting, preventing, and remediating security threats and incidents through the implementation and management of preventive measures, controls, policies, and tools. This role also involves collaborating with other teams to protect the organization's infrastructure, systems, and data, ensuring compliance with security policies, and maintaining the overall security posture of the organization. It requires a strong understanding of cybersecurity principles, leadership skills, and effective incident response capabilities.

Core Competencies

• Attention to Detail: Keen eye for identifying anomalies and potential security threats
• Proactive: Ability to anticipate security issues and take preventive measures
• Flexibility, time management skills and ability to prioritize and deliver on time

Key Responsibilities

• Monitor Security Systems : Continuously monitor security alerts and events from various sources, including SIEM, firewalls, IDS/IPS and other security tools. Ensure timely detection and response to potential security incidents.
• Incident Response : Investigate and respond to security incidents, such as malware infections, unauthorized access, and other security breaches. Coordinate with other teams to contain and remediate incidents, ensuring minimal impact on operations. Document incidents thoroughly, conduct post-incident analysis to improve future response efforts, and develop, implement, and maintain comprehensive incident response policies and processes. Conduct regular tabletop exercises to test and improve these plans.
• Threat and Risk Analysis : Analyze and assess potential security threats, vulnerabilities, and risks to the organization. Conduct regular risk assessments to identify and prioritize risks. Provide actionable recommendations for improving security measures and mitigating identified risks. Stay informed about emerging threats and adapt strategies accordingly.
• Compliance: Ensure compliance with relevant security standards, policies, and regulations, such as SOC2, ISO 27001, CIS Controls, and NIST frameworks. Assist in internal and external audits and assessments, providing necessary documentation and evidence of compliance. Implement and maintain security policies and procedures to meet regulatory requirements.
• Regular Security Assessments : Conduct regular security assessments, including vulnerability scans, penetration tests, and security audits, to identify and address potential weaknesses. Use the findings to enhance the organization's security posture and reduce risk.
• Collaboration and Communication : Work closely with other teams and stakeholders to ensure security measures are integrated into all business processes. Communicate effectively to raise awareness and understanding of security policies and procedures.
• Continuous Improvement : Stay up to date with the latest security trends, technologies, and best practices. Participate in training and development opportunities to enhance skills and knowledge. Contribute to the continuous improvement of security processes and tools by providing feedback and suggestions based on hands-on experience and industry developments.
• Application Security: Collaborate with development and DevOps teams to integrate security into the software development lifecycle by conducting code reviews, threat modeling, and regular static and dynamic application testing. Ensure applications and APIs are protected against common risks such as the OWASP Top 10, while also managing the security of third-party libraries, APIs, and open-source components. Drive the adoption of DevSecOps practices by embedding automated security checks into CI/CD pipelines, and recommend hardening measures for application servers, middleware, and containers to strengthen the overall security posture.
• Reporting: Prepare and present detailed reports on security incidents, trends, and the overall security posture to management and other stakeholders. Use these reports to highlight areas of concern, track progress on security initiatives, and support decision-making processes. Develop metrics and KPIs to measure the effectiveness of security controls.

Skills & Qualifications

Education & Experience

• University or college degree in IT or related field. Master’s Degree in Cybersecurity is plus
• Minimum of 5 years of experience in a GRC, Risk Assessments or similar role
• Working experience in Big 4 is a plus but not mandatory for the application
• Relevant certifications such as CISSP, CISM, CCSP or equivalent are highly desirable
• CISA certification or previous experience is a plus

Technical Skills

• Strong knowledge of cybersecurity principles, attack vectors, practices and technologies
• Ability to respond effectively to security incidents and manage crisis situations.
• Hands-on experience with enterprise-grade security platforms such as Imperva (web application firewall and data security), Microsoft Defender Console (endpoint and threat protection), Netskope (CASB and SSE), and Palo Alto Networks solutions (next-generation firewalls, Prisma Cloud, and security services).
• Experience with security information and event management systems (SIEM)
• Experience with security orchestration, automation and response systems (SOAR)
• Experience with risk management frameworks (CIS, NIST and SANS)
• Experience with IAM, RBAC, access control, and network security, PAM and PIM
• Experience with cloud infrastructure security architecture, configurations, and controls
• Experience performing vulnerability assessments and threat hunting and modeling
• Experience with intrusion detection/prevention systems (IDS/IPS) and firewalls.
• Experience with endpoint protection, detection and response solution ns EPP, EDR, XDR
• Experience with ZTNA, NGFW and cloud firewalls.
• Experience with vulnerability management systems
• Experience with secure configuration management.
• Experience with Network infrastructure, switches and firewalls
• High competence in the following systems, tools and technologies:
• Windows server operating systems (OS, AD, FS, GPOs)
• Python, PowerShell and Azure command line
• Network security protocols TCP/IP/DHCP/DNS/VLAN/VPNs, SSL/TLS, IPsec
• RADIUS, LDAP, ADAL, SSL, SSO, MFA
• A mind-set towards integration, automation and continuous improvement
• Ability to work with minimum supervision
• Work outside of business hours as needed.

About the Team:

We are a diverse and talented group of professionals passionate about technology and innovation. We value collaboration, creativity, and continuous learning. As a part of the development team, you will join a supportive team that encourages knowledge sharing and professional growth. We foster a positive and inclusive work environment where all team member’s contributions are valued.

Company Culture:

At REALTOR.ca, we pride ourselves on our dynamic and inclusive company culture. We believe that a great workplace is built on mutual respect, open communication, and a shared commitment to excellence. Our team enjoys a flexible work environment that promotes work-life balance, with options for remote work and flexible hours. We also offer opportunities for professional development and career advancement, ensuring that our employees can grow alongside the company.

We thank all applicants for their interest; however, only those under consideration for the role will be contacted.

At REALTOR.ca, we are committed to fostering an inclusive, barrier-free and accessible environment. Part of this commitment includes arranging accommodations to ensure an equitable opportunity to participate in the recruitment and selection process. If you require an accommodation, we will work with you to meet your needs. As an equal opportunity employer, we value the unique perspectives and experiences that each team member brings.