Senior Information Security Analyst - ServiceNow (Toronto - Hybrid)

About The Position

Requirements

• University degree or equivalent relevant experience
• 5-7 years of relevant experience in information security, technology controls, risk management, or a related field
• Sound knowledge and practical experience working with ServiceNow modules, including Change, Incident, Problem, TDAR, and CMDB
• Experience generating reports and analysis within ServiceNow
• Sound to advanced knowledge of organizational processes, technology controls, security, and risk issues
• Experience contributing to projects of moderate to high complexity

Responsibilities

• Provide expert consultation and advice to business and technology partners on technology controls, information security programs, policies, standards, and security incidents within the specialized area of responsibility.
• Conduct project-level consulting on risk assessments, control design, control effectiveness, vulnerability assessments, and other relevant security matters.
• Lead or contribute to risk and control design assessments across an application portfolio, documenting the business and enterprise impact of control gaps, including mitigation strategies and remediation plans.
• Support the definition, development, and oversight of enterprise security management strategies and frameworks.
• Help ensure that appropriate technology, governance, and processes are in place to monitor, detect, prevent, and respond to current and emerging security threats.
• Collaborate proactively with stakeholders, service owners, and platform owners to integrate security requirements into enterprise architecture and address identified control gaps.
• Provide consultation on regulatory compliance requirements, related reporting, and inquiries.
• Participate in security incident response activities relevant to the business or enterprise and represent the function’s position to stakeholders as needed.
• Adhere to internal policies, procedures, technology control standards, and applicable regulatory guidelines.
• Contribute to the review of internal processes and identify opportunities to improve efficiency, effectiveness, and control outcomes.
• Support and advise on enterprise frameworks and methodologies related to technology controls and information security activities.
• Promote a strong risk management culture by influencing behaviors that reduce risk across the enterprise.
• Remain informed on emerging issues, industry trends, and regulatory changes, and assess their potential impact on the Bank.
• Define, develop, implement, and manage standards, policies, procedures, and solutions that mitigate risk while maximizing security, service availability, and operational efficiency.
• Build and maintain effective relationships across technology, business, and control functions to ensure alignment with enterprise and regulatory requirements.
• Identify key issues, escalate them appropriately, and support remediation and risk treatment activities where required.
• Contribute to business-specific, cross-functional, and enterprise initiatives as a subject matter expert, providing risk guidance and supporting complex reporting, analysis, and assessments.
• Perform extensive work within ServiceNow across multiple pillars and modules.
• Support business-as-usual activities, including review and processing within Change Management, Incident Management, and Problem Management.
• Contribute to ServiceNow process and module improvement initiatives.
• Support ServiceNow product development and delivery activities.
• Leverage knowledge of modules such as Change, Incident, Problem, TDAR, CMDB, and related reporting capabilities to support risk management, governance, and operational objectives.
• Continuously enhance knowledge and expertise in information security, risk, and ServiceNow capabilities.
• Keep current on emerging trends, developments, and analytical tools relevant to the role.
• Prioritize and manage workload effectively to deliver quality results within assigned timelines.
• Support a positive work environment that promotes service, innovation, teamwork, and timely communication of issues and opportunities.
• Identify and recommend opportunities to improve productivity, effectiveness, and operational efficiency.
• Establish effective relationships across business and technology teams, program managers, and project managers.
• Participate in knowledge sharing and knowledge transfer within the team and broader business unit.
• Act as a key resource and subject matter expert in at least one technology niche, field, or line of business.

Benefits

• 100% company-paid health, life, and disability insurance effective from Day 1 of employment
• Registered Retirement Savings Plan (RRSP) with the option of employer matching contributions
• Company-paid program for employees and their dependents/partners (Virtual Health Care)
• Support services for employees and their dependents/partners (Employee & Family Assistance Program - EFAP)
• Enhanced parental leave benefits from Day 1 (Parental Leave Top-Up)
• Fitness reimbursement to promote well-being (Wellness Support)
• Personalized coaching to support career growth (Business Coach from Day 1)