What you’ll do
The Senior Security Specialist will identify, investigate, communicate, resolve and improve information security, risk and governance in IT investments that support our core organizational functions.
This role provides technical expertise to projects deploying new technology infrastructure or applications to ensure consistency with our corporate information security standards.
The successful candidate will provide leadership and be responsible for working with other technology teams to test and verify the implementation of security requirements, use various tools for vulnerability scans and assessments for both traditional systems implementation and development as well as ensure secure web application development techniques as we build out our eCommerce and web presence.
Other responsibilities include :
Through the use of security tools, standards, 3rd party testing, and general security best practices produce risk assessments of IT business projects
Work alongside projects to ensure IT General Controls are being addressed
Educate project resources on IT related security risks, controls and general awareness
Work with projects to ensure IT security risks are tracked and reported
Coordinate and compile evidence for project risk closures
Who you areWe are looking for high performing individuals who are :
Agile and innovative individuals, who are able to manage in an environment of change and ambiguity to help us take bold and strategic moves in this rapidly evolving retail environment
Creative thinkers who take initiative and are capable of building, launching and managing projects / programs that drive results for our customers
Problem solvers with the ability to analyze and prioritize to meet business objectives
Collaborative team players with superior influencing skills, who build relationships easily across various stakeholder groups to move initiatives forward
If you’re curious, ready to take on new challenges and open to doing things differently to help us evolve rapidly, then Canadian Tire is definitely the place to be.
What you’ve doneThe successful candidate will be able to demonstrate proficiency with :
Security governance frameworks, cyber security policies and standards
Documentation and communication skills to report to management and technical teams
Security vulnerability scanning tools for systems, applications, and web
OWASP concepts and their application
Application development and security management tools
Network and Security Appliances and Firewalls
Technologies Linux, Windows, AIX, databases, web or cloud based applications
Principles of independent security testing
IT risk and control frameworks, CobIT, NIST & ISO27001
Understand System Development Life Cycle (SDLC) process and agile methodologies
Knowledge of audit, IT operational and / or IT risk management experience
CISSP, CISA, CISM and / or CRISC designations would be an asset