Previous Job
Information Security Consultant - Cloud
Ref No.: 17-04202
Location: Toronto, Ontario
Role: Information Security Consultant - Cloud (23037-1 (previously 22970-1))
Duration: 6MOS

Location: Toronto, ON

• The Cloud Security Assessor performs duties ranging from compliance to threat assessment. This role will act independently as a full time assessor with reporting duties to the Sr Mgr Cloud and AppSec under Strategy and Labs, the CISO, and Cloud Committees (Director and above). Duties include consulting for development teams during Agile and Waterfall development projects. There is no particular project per say, but more part of the assessment program. They can be supporting projects in various groups.

Daily Responsibilities:
• A typical day could involve attending or hosting status meetings to review progress on delivery against security objectives, reviewing business requirements and solution proposals to propose security requirements, reviewing designs, producing assessment report and discussing findings with leaders from front line to executive or solving other assorted information security challenges.
• Conduct business process reviews to understand current state business processes and how underlying applications support and enable these processes.
• Collaborate with business partners and stakeholders to identify and define high level and detailed security requirements.
• Review technical designs and solution proposals to propose or help identify viable, practical and cost effective solutions to security problems
• Demonstrate success in facilitating discussions with functional areas of the organization.
• Prepare gap, threat, and impact analysis documentation.
• Partner with testing resources to identify testing requirements.
• Proactively identify opportunities to utilize current or innovative technical solutions to improve business processes and/or products that provide additional revenue, cost savings or efficiency gains.
• The majority of their interactions will be with business analysts, development managers, project managers, business unit team member and other groups in IT and IS and their associated vendor partners as well as other assessment teams involved in risk management across the bank.

Must Have Skills:
• 10+ years of professional experience working in sole contributor security roles (operational, consulting and/or compliance) - somebody who has been in the security space, in various roles, not someone who is coming out of audit, HM wants someone who has done it. Not just someone who does compliance assessment, but has done security and has felt the impact of it.
• 3+ years assessing SaaS solutions
• 3+ years deploying, designing, or assessing solutions in AWS or Azure.
• Experience executing information or IT risk assessments using common industry techniques and standards (e.g. CSA's CCM, NIST standards, etc.) - come out of compliance to an operational security role or become an assessor. Someone higher level and is the "big picture " person.
• Experience running meetings while maintaining meeting minutes
• Extensive experience deploying or assessing complex Cloud solutions
• Mature threat and vulnerability identification skills with the ability to determine most likely threat by interest, capability and access
• Mature risk rating experience with the ability to recognize the risk given all relevant mitigating controls not just compute based on gap against industry best practice.

Nice to Have Skills:
• Systems Administration experience
• Security test development
• Bachelors in Computer Science
• Experience using Microsoft Office Suite for documentation and reporting objectives (Access, specifically)