The Questrade Technology Group (QTG) is home to a unique environment, where our culture thrives and, most importantly, we get stuff done! Questrade is continuing with its digital transformation initiative, and our infrastructure footprint is growing beyond our data centers and into the Google Cloud Platform, on an exciting strategy that is driven by business value.
Join us to help leverage the data we have, as we solve exciting challenges such as building out new models, algorithms and solving complex business problems to grow and deliver customer-centric solutions in a multi-product/multi-channel financial services environment.
What’s it like working as a Senior Information Security Analyst at Questrade?
IT Security Specialist is expected to deliver sustainable, measurable results in the following areas:
- Transforming information security programs. Security program management helps understanding the multiple security challenges that confront the firm every day. The Senior Information Security Analyst will help to effectively balance people, processes and technology — enabling better security and risk decisions, and a reduction in the cost of managing overall security risk.
- Identifying and responding to cyber threats. With reputation and brand on the line, companies can’t afford to be compromised. A company's infrastructure and data need to be safeguarded before something happens — not just repair the damage after it’s been done. Senior Information Security Analyst will be primarily involved in defining and implementing Data Protection (DP) Program including building a DP Program foundations, solution design and implementation and fine-tuning, metrics and reporting.
- You will be required to be well-versed in all aspects of cyber security with focus on data protection, PII and privacy including data and information classification and profiling, database architecture, configuration and hardening, unstructured data configuration and hardening
- You will assist in educating the company and its employees about data protection and privacy, and conducting regular security audits.
- Demonstrate ability to find and then surface problems and opportunities with the team. Analyze key data issues, patterns, and trends to identify implications.
- Execute procedures, perform detailed data analysis, reach conclusions, document results, and suggest ideas for efficiencies, identify opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
- Recognize relevant issues and assess the risks associated, and facilitate remediation of identified vulnerabilities across the enterprise, perform assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program
- Take full responsibility for tasks including constantly reviewing your own work to identify and improve your own approach for producing quality work products. Complete work in a timely manner and take responsibility for all work outputs.
- Develop rapport with others by demonstrating an understanding of their concerns, needs and issues and focus on developing an internal network of relationships that can provide advice and support.
- Provide feedback to the broader IT team about new or emerging technologies and threats and relevant clients. Seek, develop, and present ideas to the team.
- Utilize technology and tools to continually learn and innovate, share knowledge with team members and enhance security posture.
- Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required
- 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and auditors
- 4+ years experience in administering IT security controls in an organization.
- Prior experience working within a financial service organization preferred
- Certified Information Systems Security Professional (CISSP), or related certification
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Must possess capabilities in the following: data security & governance, PII and privacy protection, data risk assessment and data loss prevention.
- Previous experience in implementing data protection programs, including defining data asset inventory, data flows, infrastructure mapping, data discovery and high value data assets identification, database configuration auditing, encryption methods and key management.
- Experience with the data loss prevention (DLP) solutions/tools: endpoint, network and cloud (Google cloud platform is preferred).
- Experience in defining metrics and KPIs, implementing cybersecurity/risk dashboards
- Strong written and verbal communication, presentation and technical writing skills, coupled with a strong interest in further developing Cyber Security skills
- Ability and comfort level researching current and emerging issues, including regulations, industry practices, and new technologies
- Excellent teamwork skills
- Multi-task with minimum supervision, uphold commitments made
- Self-learner capable of independent study of new concepts and tools
- Flexible working hours
- A competitive salary and good compensation package
- Possibility of partial remote work
- Best hardware
- A masseur and a corporate doctor
- Healthcare & sport benefits
- An inspiring and comfy office