Sr Info Security Analyst

Haventree BankToronto, ON
Hybrid

About The Position

Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms. About Haventree Bank Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system. Position Summary: Reporting to the Director, Information Security, the Senior Information Security Analyst plays a key role in advancing the Bank's security operations and strengthening its ability to detect, respond to, and mitigate evolving threats. This role combines hands-on technical execution with broader contributions to the Bank's security programs and overall risk posture.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field
  • 5+ years of progressive experience in information security, security operations, threat detection, incident response, or related cybersecurity roles
  • Hands-on background investigating security events and incidents across multiple security domains
  • Proven ability to develop, tune, and validate detections in SIEM, EDR/XDR, or related security platforms
  • Strong working knowledge of cloud and SaaS security, including Microsoft 365 and Azure (Sentinel, Defender, Entra ID); exposure to AWS or GCP is considered an asset
  • Practical understanding of identity and access management (IAM) concepts, including user access reviews, privileged access management, or identity governance platforms
  • Demonstrated involvement in vulnerability management programs, security assessments, and operational security reporting
  • Familiarity with threat intelligence concepts, indicators of compromise (IOCs), and threat landscape monitoring

Nice To Haves

  • CompTIA Security+ or CySA+
  • GIAC (e.g., GCIH, GCIA)
  • Microsoft Certified: Azure Security Engineer Associate (or equivalent M365 security certifications)
  • Certified Cloud Security Professional (CCSP) or similar cloud-focused certification
  • Proficiency in scripting (e.g., PowerShell, KQL, Python) for automation, detection development, or log analysis is considered an asset
  • Background working with MSSPs, managed detection and response providers, or external security partners is considered an asset
  • Exposure to regulated industries (e.g., financial services, banking) is considered an asset

Responsibilities

  • Monitor, investigate, and coordinate response to security alerts and incidents across cloud, endpoint, identity, email, and network environments
  • Act as an escalation point for complex investigations, analyzing attack patterns, scope, and potential business impact
  • Collaborate with MSSP and internal teams to ensure effective detection, response, and operational alignment
  • Perform proactive threat hunting to identify suspicious or malicious activity not detected through standard alerting
  • Develop, tune, and maintain detection use cases aligned to attacker tactics and frameworks such as MITRE ATT&CK
  • Support and enhance the effectiveness of security platforms (e.g., SIEM, EDR/XDR, CNAPP, and identity)
  • Coordinate vulnerability management activities, including prioritization, remediation tracking, and risk reporting
  • Design and execute comprehensive phishing simulation campaigns to assess organizational security awareness. Analyze campaign results and create detailed reports for management and board presentations.
  • Manage and deliver security awareness training programs for employees, focusing on regulatory compliance, social engineering threats, and secure handling of financial data. Track completion rates and assess program effectiveness.
  • Conduct security reviews for systems, projects, and vendors to ensure alignment with security requirements and regulatory expectations
  • Expand and mature data protection initiatives, including alignment with data classification and DLP controls
  • Develop and maintain operational metrics, reporting, and runbooks to improve visibility, consistency, and response effectiveness
  • Stay up-to-day on information security trends and industry best practice approaches

Benefits

  • Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs.
  • Haventree Bank embraces equal opportunity, diversity, and inclusion.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service