Information Security Analyst

As a Business Unit Security Officer (BUSO) within the Information Risk Management team under Global Wealth Asset Management (GWAM) Information Technology First Line of Defense, you will play a critical role in safeguarding the organization’s IT environment. The Information Security Analyst involves conducting risk assessments for new and existing applications, infrastructure, and platforms—both on premises and cloud-based. You will be responsible for identifying threats, evaluating their potential impact, validating appropriate protection measures, providing security advisory to stakeholders, and leading cross-functional collaboration to address complex information risk concerns.

Position Responsibilities:

• Perform information risk assessments in compliance with the global Information Risk Assessment methodology, policies, and standards.
• Ensure each completed information risk assessment is peer-reviewed and communicated to various stakeholders.
• Develop and enhance security requirements for DevOps environments and collaborate with developers, engineers, and support teams to help implement those requirements in applications, CI/CD pipelines, container workloads, etc.
• Provide training and advise key stakeholders on requirements, processes, standards, and best practices around information security and risk management.
• Respond to audits, second line of defense review, regulatory reviews, risk and control self-assessments.
• Lead and facilitate cross-functional discussions to resolve information risk concerns, ensuring alignment with company standards across technology, business, and risk stakeholders.
• Provide ad-hoc support for ServiceNow (SNOW) request handling, including reviewing and approving firewall and security group requests when required.
• Track and manage identified information risk issues and associated corrective action plans (CAPs), ensuring timely resolution and closure in alignment with governance requirements.
• Candidate must be flexible to work in the morning or in a hybrid environment, as required.

Required Qualifications:

• Experience in application security including secure software assessment tools like SAST, DAST, SCA, IAST, RASP, etc. or similar areas.
• IT risk management experience in areas such as vendor risk management, project risk management, IT audit, or IT controls assessment.
• Strong Knowledge of security controls, frameworks, regulatory requirements and standards, concepts (e.g. ISO 270XX, MAS, etc.), and industry best practices (e.g. OWASP, CSA, CIS).
• Post-secondary education in information security, computer science, information technology, software engineering, or equivalent professional education.
• Strong communication, presentation, time management, and facilitation skills to all levels and audiences.
• Knowledgeable in AKS, Azure, AI Foundry and GitHub
• Exceptional attention to detail, ensuring accuracy and completeness in risk documentation and issue tracking.
• Strong interpersonal and collaboration skills to effectively engage with diverse teams and stakeholders
• Problem solving, analytical, and innovative mindset.
• A team player who can also work independently.
• Amenable to work on a day/mid shift schedule
• Amenable to work on a hybrid set-up (3x a week onsite)

Preferred Qualifications:

• Experience with container orchestration, infrastructure as code, scripting and coding languages (e.g. Terraform, Bash, PowerShell, Python) is an asset.
• Relevant professional certifications (e.g. CISSP, CCSP, CRISC, etc.) is an asset.
• Understanding of Generative AI (GenAI) concepts and practical applications.
• Experience using tools like Power Automate and Copilot Studio to develop solutions that enhance work efficiency and automate tasks.

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.