Intermediate Security Control Tester - 15800

Intermediate Security Control Tester - 15800

Location: Toronto (Fully Remote with occasional office visits quarterly; preference for candidates in Ontario, but open to others across Canada)

Contract Duration: 1 year contract

Schedule: Monday to Friday, 9:00 AM - 5:00 PM (37.5 hours/week)

Story Behind the Need

We’re looking for a Information Control Testing Specialist to join our Enterprise Technology & Services team. In this role, you are expected to be part of the team which will work with different service areas within ETS and serve as a trusted partner and domain expert to the business and help them protect their information assets. Participate in critical global projects and initiatives to ensure Information risk is always appropriately managed, perform security risk assessments and consulting on various projects & implementation of tools or services. Work closely with infrastructure, development, application teams on implementation of security controls to ensure the integrity of information security policies, procedures and standards; also report to senior management on the efficiency of such controls.

Responsibilities:

• Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments.
• Performing in-depth risk assessments on projects from technical security perspective to ensure that the security safeguards and controls are in-line with Manulife Security policy and standards.
• Providing input and recommendations to the ETS Service Areas on information security requirements and standard methodologies.
• Working with the ETS Service Areas on Go Live Acceptance Reviews for new infrastructure & services associated with that.
• Reporting on risk assessments in accordance with internal requirements.
• Take on other information risk management tasks as required

Candidate Requirements/Must Have Skills:

• 5 years of relevant information security and information risk management experience.
• Solid understanding and experience in the following areas: Security architecture and controls in various infrastructure platforms (i.e. Windows, Unix, RH Linux, Virtual hosting, networking, end user technology, cloud computing including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)).
• Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, Z-scaler), Firewall/IPS, WAF etc., Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
• Knowledge of application security standard methodologies such as secure coding, security testing techniques
• Working experience with Cloud platforms such as Azure, AWS or GCP; Windows and related services (i.e. Active Directory, DNS, IIS, MSSQL), Active Directory Federated Services and Protocols (i.e. ADFS, SAML); Collaboration and messaging platforms (i.e. Office 365, SharePoint)

Nice-To-Have Skills:

• Understanding of AI technologies and their deployment models

Education:

• Bachelor’s degree in computer science, technology, or a related field

• Certifications such as CISSP, CISA, CISM, or CEH are considered an asset

Best vs. Average: Ideal candidate is someone with strong practical understanding of risk management and implementation. Solid grasp of security fundamentals and ability to assess and communicate risks effectively. Candidates with a robust risk management background will be considered

Candidate Review & Selection

# Step Process: virtual - 1-2 interviews