Founded in 1846, Laurentian Bank Financial Group (LBCFG) is a diversified financial services provider whose mission is to help its customers improve their financial health.
The Laurentian Bank of Canada and its entities are collectively referred to as Laurentian Bank Financial Group (the "Group" or the "Bank").
With more than 2,900 employees guided by the values of proximity, simplicity and honesty, the Group provides a broad range of advice-based solutions and services to its personal, business and institutional customers.
With pan-Canadian activities and a presence in the U.S., the Group is an important player in numerous market segments.
This role sits within LBC Tech, a subsidiary of Laurentian Bank Financial Group.
The incumbent is responsible for managing and maintaining the security operations, Audits and Incident Management.
Reports to : VP, Cybersecurity
Direct Reports : 4 - 6 ; Indirect Reports : 1 - 2
ºAudits (Internal and external) : Liaise and coordinate with the Bank's various IT teams, Business, Audit, Risk, and Governance teams to ensure timely response & remediation to internal and external audit findings.
ºEnsure Incident management readiness, through process updates, playbooks creations, and tabletop exercises.
ºSupervise the projects under Security Action plan to ensure within budget and on time delivery
ºEnsure architectural review and approval of the IT services and systems at the time of procurement or renewal
ºManage (Identify, prioritize, remediate, transfer or accept) IT risks with attention to the risk associated with Remote access, Vendors and 3rd parties.
ºReview and enhance the effectiveness of security controls aligned with MITRE attack frameworks. Guide Threat and vulnerability management team in profiling threat actors, continuously looking for Indicators of compromise (IOCs) and ensure effective remediation of threat by quarantining or deleting IOCs.
ºDesign, report, monitor Key Performance Indicators related to Security Vulnerabilities remediations, threat profiling and cyber threat mitigation.
ºManage external penetration testing and threat assessment with external vendors. Analyse and action findings where required.
ºProvide timely reporting on security compliance and make recommendations for increased security process efficiency and effectiveness.
ºUniversity degree in a related field (Computer Science, or engineering) and 6 to 10 years of experience, including 2 to 3 years of experience in a management role.
ºAt least one but preferably a couple of the following certifications : CISM, CISA, CRISC and CISSP.
ºStrong knowledge of NIST, MITRE ATT&CK framework and OWASP
ºExperience in security threats and vulnerability management that include Threat profiling, assessing impact and remediation and reporting of vulnerabilities.
ºThorough understanding of networking (Switches, routers, firewalls, Load balancers, MFA) operating systems and intrusion detection / prevention and firewall technologies.
ºStrong verbal and written communication skills; bilingual (English / French) is an asset.
We are proud to be an equal opportunity employer and are committed to fostering an inclusive and accessible work environment that reflects the diversity of our customers and our communities.
We welcome and encourage applications from individuals from all groups, including Indigenous people, women, visible minorities, and persons with disabilities, regardless of race, national or ethnic origin, colour, religion, age, sex, sexual orientation, gender identity or expression, marital status, family status, genetic characteristics, disability or any other legally-protected ground.
Accommodations for persons with disabilities are available upon request for job applicants taking part in all aspects of the recruitment process.