Bank Information Security Specialist

Job Description

Function Description:

The Bank Information Security Specialist function resides within the Business Information Security Officer (BISO) organization and is responsible for information security control enforcement, cybersecurity awareness, reporting and enablement for the Bank of Canada. The Information Security Specialist will report to the Director, Bank Information Security Officer for American Express Bank of Canada.


•Assist with the interconnection between core enterprise information security functions and the Bank of Canada

•Contribute to the first line information security risk management and reporting in partnership with the Risk organizations ABC.

•Assess the design effectiveness and operating effectiveness of information security controls upon which the Bank of Canada relies to protect the Confidentiality, Availability, and Integrity of Information and Systems

•Identify, scope, and investigate new information security risks

•Deliver leadership reporting and risk metrics that demonstrate the effectiveness of the cyber security program to ABC.

•Consult on Business & Technologies projects to ensure appropriate security protection is delivered as part of Bank solutions

•Craft responses to audit and examination requirements for the BISO function

•Operate as part of the extended Information Security team in support of all security and compliance initiatives

•Actively contribute to the Bank of Canada Information Security Risk Working Group and management of the inherent and residual cybersecurity risk profile of the bank


•Bachelor’s degree in computer science, information systems, network security or other related field. Master’s degree preferred

•Professional certifications (CISSP, CRISC, CISA, PCI, CISM or equivalent)

•At least 5 years’ work experience in information security

•Technical background with hands-on experience across a variety of technologies

•Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)

•Thorough knowledge of American Express technology processes and controls and a deep understanding of risk and control frameworks, e.g. FAIR, NIST, ISO, PCI DSS

Required Knowledge/Skills/Capabilities:

•Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; cloud security; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance

•Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques

•Knowledge of applicable information security standards and regulatory requirements

•Excellent written and oral communication skills

•Highly self-motivated and directed

•Keen attention to detail

Behavioral Skills/Capabilities:

•Enterprise Leadership Behaviors

•Set The Agenda: Define What Winning Looks Like, Put Enterprise Thinking First, Lead with an External Perspective

•Bring Others With You: Build the Best Team, Seek & Provide Coaching Feedback, Make Collaboration Essential

•Do It The Right Way: Communicate Frequently, Candidly & Clearly, Make Decisions Quickly & Effectively, Live the Blue Box Values, Great Leadership Demands Courage  

ReqID: 19015342
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Oct 8, 2019, 3:05:42 PM