As a Senior Cyber Security Specialist you will be identifying, assessing, and managing technology and cybersecurity risks to ensure the organization's information and system assets are effectively protected. This role ensures that enterprise architecture principles and standards are designed to be secure and resilient, ensuring that the implementation of solutions, applications, and technology (both hardware and software) do not compromise business objectives by introducing Technology or Cybersecurity risks.
Additionally, the Specialist integrates threat intelligence, KPIs, and KRIs into the risk monitoring process to proactively identify changes that require action, aiming to prevent the materialization of potential risks. The Specialist also supports security testing, performs threat modeling, and addresses risks across Technology and Cybersecurity environments.
What We Offer:
- Work Environment – Work in our beautiful home office building with access to a fitness facility, onsite nurse, and a café
- Hybrid Work Model – Allows for a blend of in-office and work-from-home days
- Competitive Compensation – Including an annual bonus plan, pension plan, and parking allowance
- Flexible Benefits Plan – in effect from day one and offers three levels of coverage to select from to meet your unique, personal needs
- Paid Vacation – Plus an annual option to purchase additional vacation, too
- Wellness Support – With an annual wellness allowance, paid personal care days and a 24/7 Employee & Family Assistance Program
- Opportunity to give back to some amazing causes in our community – Choose when and where to make an impact with a paid volunteer day, company volunteer opportunities, and a donation matching program
Your Responsibilities:
- Participate in the assessment and definition of Technology security strategies, principles, policies, and standards
- Identify, assess and manage Technology and cybersecurity risks using risk assessment tools and frameworks
- Assess risks associated with the design and development of innovative solutions across infrastructure, applications, data, and technology
- Develop cybersecurity requirements for new products, services, infrastructure, and applications
- Collaborate with IT teams to perform threat modeling and integrate security considerations into projects
- Design and conduct security testing, identifying risks, recommending mitigations, and ensuring continuous monitoring of systems for emerging risks
- Develop and maintain risk dashboards to provide visibility into key risk metrics and trends
- Provide subject matter expertise in cyber risk management frameworks and help define risk tolerance levels aligned with organizational goals
- Conduct ongoing risk assessments and implement effective risk treatment plans to minimize potential impacts
- Monitor risks by integrating threat intelligence, KPIs, and KRIs, identifying changes that require proactive actions to prevent materialization
Your Skills:
- Ability to apply industry defined development techniques to create or modify IT solutions
- Ability to conduct a process of steps used to collect and analyze information to increase our understanding of a topic or issue
- Modeling - The ability to represent information following a defined standard, using a combination of graphical and textual elements
- Ability to quickly identify and mitigate problems
- Sense of urgency, adaptable, and flexible to changing priorities
- Strong analytical, problem solving, and deductive reasoning skills to troubleshoot effectively
- Structured and methodical approach to root cause analysis, problem resolution, and incident management
- Able to navigate a fast-paced, ever-changing environment that operates under tight deadlines
- Able to set priorities based on business and stakeholder need
- Strong understanding of threat intelligence integration and experience using it to guide risk management decisions
- Proficiency in security testing and threat modeling techniques
- Analytical skills for interpreting risk metrics, identifying trends, and providing actionable recommendations
- Strong ability to communicate complex risk issues clearly to both technical and non-technical stakeholders
Your Experience:
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Information Systems, or equivalent experience
- Overall 10+ years including 7+ years of experience in cybersecurity, system architecture, design, development, and deployment
- Experience in complex application environments (e.g. Oracle ERP, SalesForce etc)
- Experience in various development platforms for Web, Mobile and/or low-code app development
- Experience in complex network security
- Experience in within cloud platforms (Azure, AWS)
- Experience in developing and monitoring KPIs/KRIs for risk management purposes
- Knowledge of security frameworks such as NIST CSF, RNF and 800-53r5, ISO 27005, and CIS CC v8.1
- Certifications such as CISSP, CRISC, CISM, Offensive Security are a strong asset
Irving Oil is committed to supporting a diverse and inclusive work environment. We thrive on the good energy that’s created when our people from different backgrounds, identities, cultures and experiences share their unique perspectives. Diversity is key to our success and inclusion is everyone’s responsibility.
Job Type: Full-time
Benefits:
- Company pension
- Employee assistance program
- Extended health care
- Life insurance
- Paid time off
- Wellness program
Work Location: Hybrid remote in Saint John, NB E2L 0G3