Senior Technology Specialist, Information Security

At Equitable Life of Canada, we realize that your work life is not just about performing a job; it's about being part of a workplace that helps you grow and reach your full potential. Within our friendly and collaborative work environment, we recognize that the key to our growth and success is a dedicated, motivated and customer-responsive staff. Join Equitable Life today.
Position Title: Senior Security Specialist
Reports To: Manager, Information Technology Security
Department: IT
Term: Permanent Full-Time
Work Arrangements: We are currently working remotely, and we will be moving to a hybrid model when our office renovation is complete (approximately September 2023), coming into the office a minimum of 2 days per week, every other week on designated days.
The Opportunity: Reporting to the Manager, Cyber Security Operations, the Senior Security Specialist is a technical security expert promoting secure architecture and design at Equitable Life. This role improves the security position of Equitable Life through various activities including but not limited to: performing technical security reviews on Company initiatives, providing leadership to other teams on security related topics and defining system security architecture, strategy and designs.
What you will be doing:

• Perform security assessments, identify gaps, and provide recommendations to improve overall enterprise security and to ensure compliance with regulatory and security requirements
• Implement recommendation actions and apply fixes to address gaps identified by assessments and compliance tools such as Azure/365 compliance centers, Microsoft Defender for Cloud and Rapid7
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures)
• Research and propose new solutions (including cost and effort estimates) for Cloud Security, Endpoint Security, Network Security, Perimeter Defense, Identity and Access Management, Vulnerability Management, Secure SDLC (Software Development Life Cycle), and other areas as required
• Whenever required, manage enterprise security systems including but not limited to firewalls, VPN (Virtual Private Networks), IPS/IDS (Intrusion Detection and Prevention Systems), Key Vaults, PKI (Public Key Infrastructure), EDR (Endpoint Detect and Response) (Endpoint Detection and Response), Antimalware, Vulnerability Scanners, SIEM (Security Information Event Manager), PIM (Privileged Identity Manager), SWG (Secure Web Gateway)
• Participate in the design and execution of vulnerability assessments, penetration tests, security audits, and Threat Risk Assessments, providing recommendations on risk avoidance, mitigation, and issue resolution
• Provide subject matter expertise to senior management and technical teams, and support the design, deployment, configuration, and monitoring/evaluation of a secure hybrid environment (on premises and Cloud) in the areas of infrastructure (hardware, software, and networks), secure application development, and secure data management
• Define and communicate security requirements with business and technical teams for new corporate projects and business operations
• Perform other duties as required
• Perform planning, deployment, testing, and documentation of new security solutions or enhancements to existing security solutions in accordance with security best practices and policies
• Whenever required, participate in investigations and troubleshooting security related issues
• Identify and prioritize system functions required to promote continuous availability of critical business processes and assist in planning, developing, and testing enterprise Disaster Recovery and Business Continuity Plans
• Participate in the planning and design of enterprise security architecture and document how the implementation of modern technology impacts the security posture of the current environment

What you will bring:

• Certified Information Systems Security Professional (CISSP) certification or equivalent
• Experience in reviewing and assessing design documents, vulnerability assessments, Threat and Risk assessments, penetration testing reports.
• Certified Cloud Security Professional CCSP (Certified Cloud Security Professional) or equivalent is an asset
• Excellent organizational and planning skills
• Minimum ten (10) years in IT
• Hands on experience in planning, deploying, maintaining, and enhancing security systems on premises and cloud Palo Alto firewall/VPN/IPS/IDS, Splunk SIEM, SASE Secure Web Gateway, Rapid7 Vulnerability Management, Pulse Secure, PKI Certificate Management, Container Security, Secure Development Lifecycle, Microsoft Defender for Endpoints/Identity/Cloud Apps, Azure firewall, Akamai WAF (Web Application Firewall), Azure Key vault, Azure IaS, Azure Active Directory PIM, Conditional Access, Exchange Online Protection, DDOS (Distributed Denial of Service)
• Three (3) years in a related senior level technical role is preferred
• Minimum eight years of experience in Information Security and Compliance
• Strong attention to detail with an analytical mind and outstanding problem-solving skills
• Knowledge of Open Web Application Security Project (OWASP), Secure Sockets Layer / Transport Layer Security (SSL/TLS) and Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
• Experience in analyzing, developing, monitoring, and creating policies, procedures, processes, and systems in support of cyber security and risk management
• Experience prioritizing critical business processes and assisting in planning, developing, and testing enterprise Disaster Recovery and Business Continuity Plans
• Proficiency in the use of IT Security appliances safeguards and tools in cloud and on premises environments
• Five (5) years of progressive experience in information security/risk roles is preferred
• Great awareness of cybersecurity trends and hacking techniques
• An undergraduate or graduate degree in Information Technology or equivalent

What’s in it for you:

• Discounts on company products and services, and access to exclusive employee perks
• Annual bonus program, annual vacation allowance, and company-paid benefits program
• Immediate enrollment in the company’s pension program with employer matching
• Tuition support and specialized program assistance
• A healthy work-life balance with employee wellness top of mind
• A company subsidized cafeteria with a variety of daily options
• Employee resource groups that support an inclusive work environment
• An additional paid volunteer day each year so you can spend time giving back to the community
• Regular EQ Together events focused on company togetherness and collaboration

As part of the recruitment/offer process you will be required to:

• Undergo a criminal background check
• Provide two professional references (minimum one supervisor and above)

To learn more about Equitable Life, we encourage you to explore our organization.
At Equitable Life, we are committed to providing equal access to employment opportunities across our organization. Please contact our HR team at [email protected] if you would like to receive our job postings in an alternative format or require an accommodation with the application process.
Apply Now