Information Security Specialist

TD
Toronto, ON
Onsite

About The Position

Enterprise Vulnerability Management (EVM) manages a strategic, sustainable, and proactive approach to vulnerability management through continuous identification, assessment, reporting, and remediation prioritization of vulnerabilities affecting TD IT assets, with the purpose of mitigating the risk of threat actor exploitation. You will partner with technology stakeholders and service/platform owners, and advise on Technology Controls / Information Security programs, policies, standards, and incidents within your specialized area. Your work helps ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to current and emerging security threats, and supports enterprise risk reporting and control effectiveness metrics.

Requirements

  • University degree
  • 7+ years of relevant experience in information security, technology risk, or related disciplines
  • 1+ years of experience in application security, including secure code review, web application penetration testing, or threat modelling
  • 1+ years of experience in secure code review / static application security testing
  • Detailed understanding of the OWASP Top 10 and CWE Top 25, with the ability to identify and remediate vulnerabilities in source code
  • Working knowledge of ServiceNow
  • Strong ability to clearly explain security risk and business impact of application vulnerabilities to technical and non‑technical audiences

Nice To Haves

  • Information security certification or accreditation (e.g., CISSP, CSSLP, GIAC, or equivalent)

Responsibilities

  • Identify and Reduce Application Risk: Analyze and identify security vulnerabilities in source code using automated and manual static analysis tools and techniques. Detect, analyze, and provide remediation guidance for vulnerabilities across multiple programming languages. Develop and maintain high‑quality vulnerability descriptions, business impact statements, and remediation guidance.
  • Enable Secure Software Development: Train and assist developers in writing secure software and remediating identified vulnerabilities. Contribute to the development and delivery of secure coding and remediation training. Research, develop, and recommend open‑source tools to support secure code review and application security testing. Recommend best practices to integrate and automate application security testing throughout the SDLC.
  • Provide Trusted Security Advisory Services: Provide consultation and advice to partners on technology controls, information security programs, policies, standards, and incidents within your area of expertise. Conduct project consulting on risk assessment, control definition, control effectiveness, vulnerability assessments, and remediation strategies. Lead or contribute to risk and control design assessments for application portfolios, clearly documenting control gaps, business impact, and remediation plans.
  • Strengthen Enterprise Controls and Compliance: Contribute to the definition, development, and oversight of global security management strategies and frameworks. Ensure technology, processes, and governance are in place to monitor, detect, prevent, and respond to emerging security threats. Develop ongoing technology risk reporting, track trends, and define metrics to measure control effectiveness. Consult on regulatory compliance requirements and support audit preparation, management responses, and remediation activities. Participate in computer security incident response activities, representing the enterprise security position to business stakeholders.
  • Act as an Enterprise Risk Leader: Adhere to internal policies, technology control standards, and applicable regulatory requirements. Influence behavior across the organization to reduce risk and foster a strong risk management culture. Identify emerging risks, industry trends, and regulatory changes, assessing potential impacts to the Bank. Define, develop, and maintain standards, policies, procedures, and solutions that reduce risk and improve security effectiveness. Escalate key issues to appropriate stakeholders and participate as a subject‑matter expert in enterprise initiatives.
  • Grow the Team and Yourself: Continuously enhance expertise and stay current with emerging security trends and practices. Mentor team members and support consistent, high‑quality delivery of assessments. Prioritize and manage workload to meet timelines and deliver quality outcomes. Build strong relationships across technology, business, and control partners. Support knowledge sharing and collaboration within the team and across the organization.

Benefits

  • health and well-being benefits
  • savings and retirement programs
  • paid time off
  • banking benefits and discounts
  • career development
  • reward and recognition programs