Job Description

Working together to be our best!
First National is Canada\xe2\x80\x99s largest non-bank lender, originating and servicing both commercial and residential mortgages since 1988. Over the past thirty years, we have been committed to hiring the best and brightest with over 1,000 proud team members. Through cooperation, ongoing coaching, development opportunities and a culture that celebrates both hard work and teamwork, First National team members are supported to lead, learn and grow.
If you are ready to join First National\xe2\x80\x99s dynamic team, while working hard and having fun doing it, we invite you to apply online and let us know how you can be part of our success story.
We are hiring a Compliance Analyst II, Information Security!
Reporting To: AVP, Information Security
Full-Time/Part- Time: Full-time
Posting Date: December 1, 2023
Closing Date: December 22, 2023
Hours of Work: 8:30 a.m. \xe2\x80\x93 5:00 p.m.
Grade: 12.4
Office Location: Toronto Great location! Steps away from the main public transit station

What we offer:
Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

• Eligibility for benefits is dependent on the terms of employment

The Opportunity:
A strategic and integral member of the Information Technology organization, responsible for the compliance activities of the information security function. This role, reporting to the AVP, Information Security is responsible for ensuring the security, integrity, and availability of First National information assets.

The candidate will be responsible for the management and continuous improvement of security program(s), mission, and strategy. This role requires knowledge and experience in information security, information security management frameworks, good knowledge of information security controls particularly aligned with ISO 27001.

The Requirements Needed:

• Review and improve the Information Security Management System
• Play an advisory role to the various IT teams in the implementation of controls.
• Help develop and manage an Information Security Compliance framework.
• Assist in all current and future security related audit and certification processes.
• Build strong cross-organizational relationships and work seamlessly across a qualified and knowledgeable IT team.

Governance
Assist in development, update, review of documents such as policies, standards, procedures, records, reports, and others as relevant.
Ensure that the security program managed in accordance with security policies, procedures, and third party or compliance obligations.
Development reports and presentations as required.

Compliance Management
Manage compliance of ISO 27001 domains across the enterprise, such as around Anti-virus, Patching, User Access Reviews, etc.
Assist in measuring and improving Information Security objectives and metrics across the enterprise.
Plan and coordinate current and future security related audit and certification processes, such as internal and external audit, vendor assessments, benchmarking, etc.

Risk Management
Support in the maintenance of the Information Security Risk Management program, as part of the ISO 27001 certification.
Advise and provide oversight on the management of all relevant information security risks and associated controls.

Information Security Awareness
Dedication to develop, improve, contribute to, and enhance the Security Awareness Training and Phish Test program.
Hands on experience managing Security Awareness programs, for end users and IT Personnel, and Phishing simulation campaigns proficiently.

Skills and Attributes:

• Track record of planning and executing complex work efforts
• Strong interpersonal communication, analysis, and writing skills.
• Ability to work effectively with business unit managers, application development and IT operations staff.
• Superior verbal and written communication skills
• Intermediate presentation and excel skills.
• Must be a team player.

Education/Certification/Experience Requirements:

• Bachelor\xe2\x80\x99s degree in computer science/IT Management/MIS or the equivalent work experience is required. Graduate degree preferred.
• 3-6 years of prior information security management experience is required, with preference for candidates with implementation of Information Security controls and good knowledge of frameworks.
• Experience developing and maintaining information security policies, standards, processes, guidelines, procedures, controls, and incident response planning, preferably for financial institutions or processors.
• Information security certifications, such as ISO27001, CISA, CISSP, CISM, or equivalent preferred.

Why join First National?

• Bright open concept office environment
• Large kitchens with a coffee and latte maker to enjoy at no cost
• Supportive teamwork focused environment
• Collaborative entrepreneurial spirit
• Opportunities to give back to the communities and work through events focused on a variety of charities
• Ongoing social events throughout the year
• Extensive training programs to set our employees up for success

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation or any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca.

We would like to thank all applications for their interest, but only candidates selected for an interview will be contacted.

#FNLOON