Jobs.ca

Information Security Specialist

Kyndryl, 5 days ago
Toronto, ON
Senior Level
Contract

About the role

Position: Information Security Specialist
Location: Toronto, ON (hybrid)
Duration: 12 Months to start, with potential extensions
Language: English

Overview:
The VRO (Vulnerability Remediation Office) supports the Bank's security and regulatory objectives by ensuring vulnerabilities within Infrastructure & Engineering (I&E) are remediated in a timely, compliant, and operationally sound manner. It also ensures I&E patching teams remain in compliance with all internal, regulatory, and applicable standards.

Job Description Summary
Members of the VRO-Shared Centre of Excellence team are responsible for leading I&E involvement in risk partner assessments and supporting I&E teams with the execution of activities closely tied to the Patching Standards and the Technology Risk Management, Governance and Oversight Framework.

The Information Security Specialist, VRO-Shared Centre of Excellence, supports the definition, development and/or implementation of I&E-related Technology Controls / Information Security policies, programs and tools, and provides specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect the Bank. May participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level for the VRO. The role is expected to focus largely on regulatory, audit, and enterprise-impacting activities.

Responsibilities:

  • Lead on Regulatory and Internal Audit compliance requirements, reporting and questions for the VRO

  • Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities

  • Provide support and consultation in preparation for Operational Risk Management assessments and in composing management responses and appropriate remediation activities

  • Provide support and consultation in composing management responses and appropriate remediation activities for First Line control exceptions and Self-Declared findings

  • Provide consultation and advice to partners on a broad range of Technology Controls / Information Security programs / policies / standards and incidents for I&E-VRO

  • Conduct project consulting on assessment of risk, definition of required controls, appropriateness of implemented control procedures, vulnerability assessments and any other relevant areas

  • Lead or contribute to completion of risk and control design assessments for VRO activities; articulate and document the impact of control gaps on the business and the overall Bank, risk mitigation and remediation plans, and the remediation strategy document, as applicable

  • Adhere to internal policies / procedures, technology control standards, and applicable regulatory guidelines

  • Lead the review of internal processes and activities and assist in identifying potential opportunities for improvement

  • Adhere to and advise on / oversee / monitor / enforce enterprise frameworks and methodologies that relate to technology controls / information security activities, with a specific focus on I&E Patching Standards and teams

  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise

Additional Details:

  • Expert knowledge of IT security and risk disciplines and practices

  • Expert knowledge of audit and regulatory reviews

  • Advanced knowledge of organization, technology controls / security / risk issues

  • May participate on complex, comprehensive or large projects and initiatives

  • Acts as a lead expert resource in technology controls / information security / audit and regulatory exams for project teams, the business / organization and/or outside vendors

  • Generally reports to Senior Manager or above

Requirements:

  • University degree or equivalent experience

  • Information security certification (e.g. CRISC, CISM, CISA, CISSP)

  • Extensive experience with risk partner engagement (including ORM, Audit, and Regulators)

  • Experience with testing of technology controls

  • Experience with development and management of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)

  • Excellent knowledge of cybersecurity industry control standards

  • Experience developing and managing issue remediation plans

  • Familiarity with various GRC platforms and alternative tracking methods (e.g. SharePoint, Confluence, JIRA)

  • 7+ years of relevant experience

**Please note this is for a contract position with one of our clients and not a full-time employment role with Kyndryl Canada**

About Kyndryl

IT Services and IT Consulting
10,000+

We have the world’s best talent that design, run, and manage the most advanced and reliable technology infrastructure each day. Together, we think holistically about the health of these vital technology ecosystems.

We are a focused, independent company that builds on our foundation of excellence by creating systems in new ways. Bringing in the right partners, investing in our business, and working side-by-side with our customers to unlock potential. We're raising the bar.

Our experience speaks for itself: We have 90,000 highly skilled employees around the world serving 75 of the Fortune 100. But our purpose is what drives us: Advancing the vital systems that power human progress. Because when a digital ecosystem is healthy, it can more readily adapt and support continuous growth and that opens up a world of possibility for everyone.

Together, we are the heart of progress.
