Third Party Security Risk Manager

Posted 8 Days Ago
Toronto, ON
Hybrid
Senior level
Fintech • Payments • Financial Services
The Role
The Third-Party Security Risk Manager will assess and mitigate security risks from partners and vendors, ensuring compliance with cybersecurity regulations. Responsibilities include conducting security risk assessments, monitoring third-party risk action plans, and providing input on security for third-party contracts.
Summary Generated by Built In

Join a Challenger


Being a traditional bank just isn’t our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what’s possible in banking. Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you’re not afraid of taking on big challenges and redefining the future, you belong with us. You’ll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together.

 

We are a big (and growing!) family. Overall we serve more than 670,000 people across Canada through Equitable Bank, Canada's Challenger Bank™, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $125 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform (eqbank.ca) one of the top banks in Canada on the Forbes World's Best Banks list since 2021. 



Purpose of Job

The Third-Party Security Risk Manager will work closely with the technology teams and line-of-business teams to mitigate the risk of security attacks emanating from partners, vendors and other related third parties while enabling the business to grow the bank and serve our customers efficiently and securely.


Main Activities:

· Perform Third-Party security risk assessments.

· Monitor and report on third-party security risk action plans, engaging with third-party contacts as well as business stakeholders.

· Maintain the third-party security risk management framework, ensuring alignment with the Risk Management framework (2nd line of defense) and Privacy requirements.

· Provide security input to third-party contracts by ensuring alignment with cyber security regulatory requirements and Company cyber security policies.

· Identify supplier-related cyber risk threat scenarios and evaluate risk rating based on a thorough review of the third party’s security program and technical architecture.

· Monitor third-party compliance program, ensuring continuous compliance and evidence collection, validation, and recording.


Knowledge/Skill Requirements:

· A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.

· At least five (5) years of information security and information risk experience.

· At least three (3) years of third-party risk management experience (including hands-on experience conducting third party risk assessments)

· Understanding of Cloud Shared responsibility models and risk mitigation approach/techniques.

· Experience in performing organization-wide/entity security risk assessments or audits is required.

· Understanding and experience with security compliance frameworks such as PCI DSS, BSIMM, Cloud Security Alliance, NIST, ISO 27K series is required.

· Understanding of Canadian financial industry regulations relevant to third-party security and privacy expectations (e.g. OSFI, OPC).

· The following certifications are preferred: CCSP, CCSK, CISM, CISSP, CISA, or CRISC.

· Experience working in a banking or financial services environment is an asset.


Accountability 

· The incumbent works under direct management of the Senior Manager, Information Security Risk Management. They will be expected to lead and provide guidance to others in the department. 

· The incumbent is accountable for formulating, developing and drafting security policies, procedures, and other relevant documents while liaising with the concerned stakeholders to ensure that Information Security concerns are amicably addressed and their buy-in is obtained, paving the way for easy acceptance at the time of implementation.

· The incumbent is accountable for managing security risk throughout its lifecycle: identifying the security risk, explaining it to the relevant stakeholders and getting their buy-in for remediation, and tracking the closure of the weaknesses/risks to the organization.

· The incumbent is accountable for ensuring the completeness and accuracy of the periodic compliance reports submitted by the IT functions. Failure to do so may result in the IT organization being non-compliant with external and internal regulators.

· The incumbent is also responsible for performing penetration testing as per the plan agreed upon by the Senior Manager, IT Security & Compliance, compiling the report, and working with the concerned stakeholders to get the weaknesses remediated/fixed or the risk accepted. Similarly, the incumbent will maintain a register of penetration testing results and vulnerabilities and liaise with action owners to fix the gaps.

· The incumbent is also responsible for administering and managing the GRC solution implemented in the Bank, looking at ways of improving the solution, and addressing and resolving queries from various other stakeholders.

· This position is also required to work with internal and external audit and compliance-related teams and partners on an as-needed basis.

· The incumbent is accountable for ensuring that the information security controls identified and agreed for implementation have been properly implemented/embedded within the Information technology systems and operations. Non-implementation may result in the organization being exposed to cyber threats. 

What we offer [For full-time permanent roles]

 

💰 Competitive discretionary bonus 

✨ Market leading RRSP match program

🩺 Medical, dental, vision, life, and disability benefits

📝 Employee Share Purchase Plan

👶🏽 Maternity/Parental top-up while you care for your little one

🏝 Generous vacation policy and personal days 

🖥 Virtual events to connect with your fellow colleagues

🎓 Annual professional development allowance and a comprehensive Career Development program

💛 A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience


The incumbent will be working hybrid, and in-office time will be spent working from Equitable Bank’s additional office space located at 351 King Street East, Toronto, ON.

Equitable Bank is deeply committed to inclusion. Our organization is stronger and our employees thrive when we honour and celebrate everyone’s diverse experiences and perspectives. In tandem with that commitment, we support and encourage our staff to grow not just in their career path, but personally as well. 


We commit to providing a barrier-free recruitment process and work environment for all applicants. Please let us know of any accommodations needed so that you can bring your best self to the application process and beyond. All candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying, an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position.

 

We can’t wait to get to know you! 

Top Skills

Cloud Security
Information Security
Risk Assessment
Third-Party Risk Management
The Company
Toronto, Ontario
1,529 Employees
On-site Workplace
Year Founded: 1970

What We Do

Make Bank on everyday banking: earn high interest on every dollar, say no to fees, no minimum balances. Powered by Equitable Bank, a Schedule I Canadian Bank.

EQB Inc. (formerly Equitable Group Inc.) trades on the Toronto Stock Exchange (TSX: EQB and EQB.PR.C), directly serves over 607,000 Canadians through its wholly owned subsidiary Equitable Bank, Canada's Challenger Bank™, and serves over 200 Canadian credit unions that serve over 6 million of their members with products and services. Equitable Bank has grown to become Canada's 7th largest independent Schedule I bank with over $119 billion in assets under management and assets under administration, and a clear mandate to drive real change in Canadian banking to enrich people's lives.

At Equitable Bank, we are as invested in our employees as we are in our business. That’s why we are consistently recognized as one of Canada's Top Employers – a rating that comes from our 1,800 employees. Equitable Bank’s inclusive, welcoming, and pride-inducing workplace earned it the honour of being recognized as one of the top 50 organizations on the 2023 list of Canada’s Best Workplaces™.

Founded over 50 years ago, Equitable Bank provides diversified personal and commercial banking, and through its EQ Bank platform (eqbank.ca), which has been named #1 Bank in Canada for three consecutive years on the Forbes World's Best Banks list for 2021, 2022, and 2023.

Equitable Bank website: www.equitablebank.ca

EQ Bank website: www.eqbank.ca

Specialties: Lending, Mortgages, Residential Lending, Commercial Lending, Reverse mortgages, Insurance lending, Equipment leasing, Credit Union, Trust, and Funds Management
