Manager, Cyber Security
goeasy
Mississauga, ON
If you are looking to join one of Canada’s fastest growing companies, goeasy Ltd. is the place for you! Recognized as one of Canada’s Most Admired Corporate Cultures in 2018, one of Canada’s Top 50 Fintech’s and one of North America’s Most Engaged Workplaces, we want the best and brightest to join our team.

We are a publicly traded company on the TSX with over 4000% shareholder return since 2001, goeasy operates two main business units. easyfinancial is our consumer lending business that offers secured and unsecured installment loans of up to $35,000 and easyhome is Canada’s largest merchandise lease-to-own company. It is our mission to provide everyday Canadians the chance for a better tomorrow, today by giving them access to the credit they need and by offering them a second chance when they have been turned down by banks and traditional lenders. With a retail network of nearly 400 locations across Canada and over 1900 employees, we are able to build lasting relationships with our customers as we help them rebuild their credit and graduate towards prime rates and a brighter financial future.

goeasy is looking for a Manager of Cyber Security to develop and maintain design plans for the overall logical and technical IT security architecture. The incumbent must provide technical leadership and consulting expertise across the organization, from the point of strategic decision making down to project planning and execution. The Security Engineer is also responsible for presenting findings and recommendations at all levels within the company to gain commitment for high-level security plans, as well as initiating and participating in projects to evaluate various technologies and methods for successfully implementing those plans.

Responsibilities:
Maintaining an in-depth knowledge of company’s strategic business plans.
Providing architectural consulting expertise, direction, and assistance to Business Systems Analysts, Business Solutions Architects, Infrastructure team, and Application Developers.
Provide technical leadership for Threat Assessment and response.
Accountable for Cyber Intelligence and Response Lifecycle.
Identify potential sources of application security risk, prioritizing them based on risk impact.
Developing and documenting multiple options for revised IT architectures and changes to the technology portfolio, with recommendations for security optimization and cost/benefit analyses for each option.
Provide guidance on Threat Assessment and Response initiatives in alignment with the strategic and operational objectives of the technology organization and the business.
Understanding and articulating to key stakeholders how information aspects of the Security Architecture help achieve business strategy.
Developing, documenting, communicating and enforcing a technology standards policy.
Conducting research on emerging technologies in support of infrastructure development efforts, and recommending technologies that will increase cost effectiveness and infrastructure flexibility.
Designing, developing and overseeing implementation of end-to-end integrated security systems.
Identifying where change is required (development of a Gap mitigation plan) in order to keep the Security Architecture vital, sustainable and ready to support business capabilities.
Ensuring alignment between different domains of IT architecture.
Support other domain architects - Address technical architectural issues throughout the construction of a solution to ensure that it remains true to the defined technical solution architecture.

Qualifications:
University degree in Computer Science, Engineering, Mathematics or a related disciple.
Security, infrastructure and application design experience preferred.
7+ relevant experience, with 4+ years’ work experience as an Security Engineer/Architect.
Good understanding of the architectural principles of cloud-based platforms including IaaS, PaaS and SaaS.
Hands-on experience with business requirements gathering and analysis.
Extensive experience developing Cyber attack scenarios and simulations.
Strong knowledge of Threat Modeling, and Penetration testing.
Experience directing Red/Blue/Purple testing.
Knowledge of security standards (ISO 27001, NIST 800-53, etc.) frameworks (NIST Cybersecurity, etc.) and regulations (particularly in financials) is an asset.
Proven project planning and management experience.
Good understanding of Secure SDLC and Secure DevOps is an asset.
Experience in CI/CD is an asset.
Understanding of application security concepts such as SAST & DAST is an asset

Inclusion and Equal Opportunity Employment

goeasy is an equal opportunity employer. In addition, goeasy is committed to providing accommodations for applicants upon request at any stage of the recruitment process in accordance with all legislative requirements throughout Canada. Please let us know if you require an accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.

Additional Information:
All candidates considered for hire must successfully pass a criminal background check, credit check, and validation of their work experience to qualify for hire. We thank all interested applicants, however we will only be contacting those for interview who possess the skills and qualifications outlined above.

Why should you work for goeasy?

To learn more about our great company please click the links below:

http://goeasy.com/careers/

PAID1234

#LI-POST