Requisition ID: 95509
Tangerine is Canada's leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It's important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.
The Information Technology (IT) department manages the technology and computer infrastructure that drives Tangerine's business systems. The IT department supports the organization in these critical areas: End-User Technical Support, Desktop Management, Network Management, Voice and Data Communications, Business and Web Applications and Strategic Technical Planning.
Senior Application Security Specialist
The Senior Application Security Specialist is responsible for many aspects of Tangerine's Cyber Security portfolio. The incumbent will be responsible for leading programs such as the Application Security, Vulnerability/Patch Management, Threat Risk Assessment and Data Loss Prevention programs. The Specialist will utilize a risk-based approach in order to produce substantiated, relevant data to be utilized within a regularly produced security dashboard. The Senior Application Security Specialist will report directly to the Senior Manager of Cyber Security and Security Operations.
Is this role right for you?
Act as core competency and reference for enterprise-wide Information Security governance, risk management, advisory, and compliance
Act as core competency and reference for security requirements and controls for enterprise SDLC, Agile, DevOps and Cloud Security strategy planning and implementation
Lead security architecture for various cloud-based initiatives, while working with enterprise architects, product owners and project managers
Design, define and improve cyber security procedures and processes to meet and facilitate various business requirements and enforce compliance based on Scotia policies and standards
Define and implement security requirements, controls, processes/procedures for Agile SDLC and CI/CD pipeline
Provide security advisory service with respect to Scotia policies, standards, procedures and major industry regulations for on-premises and cloud enterprise infrastructure and applications.
Understand the bank's diverse business units and be able to work with diverse groups, while interpreting technical context into common business language.
Develop security implementation plans for enterprise projects, infrastructure, applications and operations. Address and resolve complex technical problems that will have impact on integration engagements.
Guide and support team members on undertakings including vulnerability management, compliance configuration management, deviation management, application security, pentest, data loss protection, phishing, etc.
Foster and promote security awareness and security culture among all levels of stakeholders of the bank in day-to-day projects and operations.
Responsible for conducting and reporting on Application and Infrastructure vulnerability assessments.
Responsible for the coordination and execution of security scans performed by both Bank and third party resources. (SAST, DAST, Open Source, Pentest etc.)
Reviews and analyzes usage reports to identify, investigate and resolve any irregularities.
Aggregate large amounts of data from multiple sources and create actionable, quality reporting and analysis.
Prepares monthly and quarterly statistical reports that summarize security activities and tasks performed by the security group.
Do you have the skills that will enable you to succeed in this role?
Must have solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking, in both traditional datacenter and cloud environments.
Must have advanced security knowledge and experience with respect to enterprise architecture, networking, infrastructure, systems and applications.
Able to work at three levels – strategy, design and hands-on technical.
Strong knowledge of the application development life cycle (SDLC, Agile, DevOps, CI/CD), with an understanding of GitHub, Artifactory, Jenkins, microservices, infrastructure as code, etc.
Sound knowledge of Google Cloud Platform and cloud technologies (Docker, containers, Kubernetes, IaaS/PaaS/CaaS/SaaS)
Must have excellent knowledge of different areas of IT operations / processes (change mgmt., release mgmt.), and be able to define/design security processes to meet business requirements.
Be able to interact with lines of business, and have a sense of business acuity and agility
Highly collaborative and proactive, with effective and efficient operational skills
Ability to learn new technologies, techniques and processes.
Very high-level consulting and analytical skills, and persistence until an agreed solution is reached
Lead independently for the team, operations and projects
Proven ability to meet deadlines for multiple assignments and adapt quickly to changing priorities.
Strong knowledge of financial industry regulations (OSFI, PCI DSS) and frameworks (ISO 27001/27002, SOC 2/SOC 3).
Strong knowledge and understanding of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Open Source Analysis, Pentest, Compliance scanning methodologies and solutions.
Strong Microsoft Office software skills particularly Excel, Word, Visio and PowerPoint
University or College Degree or equivalent experience
IT Security designation (CISA/CISSP/CISM/CIA/CEH/SANS GIAC, CSSLP, CASS) will be an asset
What’s in it for you?
We have an inclusive and collaborative working environment that encourages creativity, curiosity, and celebrates success!
Dress codes don’t apply here, being comfortable does
Access to thousands of online and in person courses so you can brush up on skills or learn new ones
Career progression opportunities. We hire you for your talent and not just for the job. We want to see you succeed not just in your role but in your career as a whole
We offer a competitive total rewards package that includes a base salary, a performance bonus, company matching programs (on pension & profit sharing), vacation, personal & sick days, paternity/maternity leave, medical, vision and dental benefits and much more
Location(s): Canada : Ontario : North York
At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.