Information & Cyber Security Specialist

Benefits

Top-tier health and wellness benefits, including comprehensive benefits packages, a yearly health spending account and personal spending account

Enhanced mental health benefits through Sun Life and TELUS Health

Up to $1000 per year towards professional development

Pension Plan

Flex-work environment

Company-wide Employee Volunteer program (Blue Wave Program)

Employee and Family Assistance Program

Why First Ontario?

Competitive compensation packages

Top-tier health and wellness benefits, including comprehensive benefits packages, a yearly health spending account and personal spending account

Enhanced mental health benefits through Sun Life and TELUS Health

Exclusive banking benefits

Up to $1000 per year towards professional development

Pension Plan

Flex-work environment

Company-wide Employee Volunteer program (Blue Wave Program)

Employee and Family Assistance Program

Job Overview
We are seeking a highly skilled and experienced Information and Cyber Security Specialist to join our IT Security team. This senior-level role is critical to enhancing our enterprise security posture through leadership in risk management, compliance, and secure project delivery. You will work cross-functionally to embed security into business processes and technology initiatives, ensuring alignment with regulatory standards and organizational requirements.

Key Responsibilities
Security Leadership

Aid in the development and implementation of enterprise-wide information security strategies.

Provide expert guidance on secure architecture, design, and principles during IT and business project life cycles.

Act as a security advisor for technology initiatives, ensuring alignment with best practices and compliance requirements.

Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.

Risk Management & Compliance

Conduct information security risk assessments and threat modeling.

Contribute and manage risk registers and mitigation plans.

Ensure compliance with regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS, FSRA/OFSI, PIPEDIA/CPPA).

Support internal and external audits and lead remediation efforts.

Governance & Policy Development

Contribute to information security policies, standards, procedures, and guidelines.

Collaborate on IT Governance, Risk, and Compliance (GRC) initiatives.

Monitor, respond, and report on security KPIs and KRIs.

Monitor for security policy violation(s) and recommend corrective action(s).

Security Operations & Incident Response

Oversee the configuration and monitoring of security technologies (SIEM, EDR, CASB, IDPS, firewalls).

Lead investigations of complex security incidents and coordinate response and recovery.

Conduct root cause analysis and develop post-incident improvement plans.

Escalate and report on key incidents and progress of remedial efforts to their manager

Provide on-call support for end users for all security solutions (e.g. Blocked email).

Vulnerability & Threat Management

Perform advanced vulnerability assessments and penetration testing.

Collaborate with teams to prioritize and remediate findings.

Stay current with emerging threats and security technologies and propose process or technology improvements for continuous improvement.

Participate in the design and execution of penetration tests and security audits.

Awareness & Training

Design and deliver targeted security awareness programs.

Lead quarterly audits including access reviews and privileged account management.

Physical & Data Security

Oversee physical security systems (access control, surveillance).

Support data classification, protection, and data governance initiatives.

Perform other duties as assigned.

Required Skills

College diploma or university degree in the field of computer science

5-7 years of progressive experience in IT and Information Security roles

Actively pursuing or currently possess one or more of the following certifications:

GIAC Information Security Professional (GISP)

Microsoft Certified:
Security Operations Analyst Associate

CAP, CISA, CCFP, CCSP, CISSP, CISM, GIAC

Associate of (ISC)2

Proficient with SEIM, Firewalls & data classification

Proficient with endpoint detection and response (EDR), CASB, IDPS and…