Senior Cybersecurity Specialist, Vulnerability Management
Take a central role
The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment.
Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.
With our defined-benefit pension plan, benefits, and high flexibility for work-life balance, find out more about why we are annually ranked as one of Canada's top employers: Working Here - Bank of Canada
Find out more about the next steps in our Recruitment process.
In addition to the position being staffed, this competition may be used to fill similar opportunities (Regular or Term) that become available at the same job grade. If you’re interested in this type of role, we encourage you to apply.
About this opportunity
Help build the next generation of cyber resilience at the Bank. Join the Bank’s Cyber Security team to work on high-priority technical initiatives that strengthen how we detect, respond to, and recover from cyber threats in a rapidly evolving environment.
In this role, you will help shape the Bank’s approach to exposure management by identifying, assessing, prioritizing, and driving remediation of vulnerabilities across on-premises and Microsoft Azure cloud environments.
What you will do
You will work closely with the Cloud Solution Integrator to ensure newly integrated cloud services meet security standards and that exposure risks are understood and managed from day one. You will play a central role in evolving the Bank’s vulnerability management program, collaborating with solutions architects, cloud engineers, security operations, and business stakeholders to reduce the Bank’s attack surface.
More specifically, you will:
- Participate in an on-call rotation and provide after-hours support for security incidents, critical vulnerabilities, and urgent operational issues.
- Lead and continuously evolve the Bank’s vulnerability and exposure management program, including scanning, prioritization, and remediation tracking across hybrid on-premises and Azure environments
- Assess the security posture of cloud solutions integrated into the Bank’s environment, with a primary focus on Microsoft Azure
- Perform risk-based analysis of vulnerabilities using threat intelligence and contextual factors (e.g. asset criticality, exploitability, business impact) to prioritize remediation efforts
- Develop and maintain dashboards and reporting (including Power BI) to translate complex vulnerability data into clear, actionable insight for technical teams and senior leadership
- Drive remediation workflows in collaboration with IT operations, cloud engineering, and application teams; track progress and escalate risk as required
- Support third-party and cloud risk assessments, evaluating security controls in Azure-hosted services and SaaS solutions
- Leverage AI tools and emerging technologies to enhance vulnerability detection, triage, and reporting efficiency
- Contribute to the development and maintenance of policies, standards, and procedures related to vulnerability management and exposure reduction
What you need to succeed
You are a strong communicator and collaborator who can build effective relationships across technical and non-technical teams. You bring sound judgment and adaptability, with the ability to navigate ambiguity and shifting priorities while maintaining focus on outcomes. You are an analytical thinker and problem solver, able to interpret complex information and translate it into clear, actionable insights for diverse audiences. As a self-starter, you demonstrate initiative, accountability, and a continuous improvement mindset in a dynamic, evolving environment.
More specifically, from a technical perspective, you will:
- Demonstrate hands-on experience with enterprise vulnerability management, including use of scanning and exposure management platforms (e.g., Tenable, Qualys, Microsoft Defender for Cloud)
- Apply a solid understanding of cloud security concepts and Microsoft Azure security services, including Azure Defender, Microsoft Defender for Cloud, Azure Policy, and related tooling
- Interpret complex vulnerability data and perform risk-based analysis using threat intelligence and contextual factors
- Build and maintain data visualizations and dashboards (e.g. Power BI or equivalent) to support security metrics and reporting
- Leverage AI tools (e.g., Copilot, generative AI assistants, AI-enhanced security tooling) to enhance security analysis and workflows
Nice-to-have
- Experience with Microsoft Defender for Cloud, Azure Security Center, or Microsoft Sentinel in a vulnerability and exposure management capacity
- Familiarity with exposure management frameworks such as CTEM (Continuous Threat Exposure Management) or similar risk-reduction methodologies
- Experience developing Power BI dashboards for security metrics, KPI reporting, or vulnerability program management
- Relevant professional certification (e.g. CISSP, CISM, CompTIA Security+, Microsoft SC-200 Security Operations Analyst, AZ-500 Azure Security Engineer, or equivalent)
- Experience working in a regulated environment (e.g. financial institution or Crown corporation)
Your education and experience
The position requires a university degree or 3-year college diploma in computer science, cybersecurity, information systems, software engineering, or a related discipline with a minimum of six years of recent work experience directly related to one or more of the following areas:
- Vulnerability management and exposure assessment (on-premises and/or cloud)
- Cloud security, with a preference for Microsoft Azure environments
- Information security risk management or security operations
- Security data analysis, metrics development, and reporting (including Power BI or equivalent tools)
A combination of education and experience may be considered.
Innovative Mindset
We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things.
Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French. Although the position language requirement is English or French essential, we do encourage everyone to improve their second language proficiency for future career growth and to contribute towards fostering a bilingual environment.
What you need to know
- Priority will be given to Canadian citizens and permanent residents
- Security level required: Be eligible to obtain Secret
- Relocation assistance may be provided, if required
- Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
- The official title for this position is “Senior IT Security Assessment Specialist”
Hybrid Work Model
The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office.
What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider.
- Salaries are based on qualifications and experience and typically range from $111,051 to $130,649 (job grade 17)
- The Bank offers an incentive for successfully meeting expectations at 7 to 10% of your base salary. The Bank offers additional performance pay (5%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
- Flexible and comprehensive benefits so you can choose the level of health, dental, disability and life and/or accident insurance coverage that meets your needs
- Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
- Indexed, defined-benefit pension
We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.