Staff Offensive Security Engineer at Greenlight, leading offensive security strategies and vulnerability assessments. Collaborating with teams to enhance security measures and ensure safe banking for families.
About the role
- IT Internal Audit Assistant Manager leading independent reviews of IT projects and programs. Enhancing IT security and governance risk/control environment across North America with global team support.
Responsibilities
- Lead independent reviews of IT projects and programs and be responsible for supporting planning and execution of risk-based, process focused IT audit and advisory assignments.
- Improve the overall IT security and governance risk/control environment for key IT projects/programs developed.
- Operate primarily across North America with support to UK and European operations.
- Provide real-time guidance on cybersecurity, AI implementation, secure development practices, cloud infrastructure, and data governance.
- Identify gaps in Software Development Lifecycle practices across critical projects and collaborate with stakeholders to craft recommendations that align with both internal standards and industry best practices.
- Prepare concise, executive-ready memorandums that distill complex technical risks into clear business language.
Requirements
- Post Secondary education in Information Systems, Computer Science, Software Engineering, or a related field - is required.
- A minimum of 3 years in IT auditing - is required.
- Recognized professional audit or security related designation (CIA, CISA, AAIA, CCSK, CCSP, CISSP, CISM, etc.).
- Working experience in reviewing software engineering controls related to project governance, data governance, IT and Data Security, testing and change/release management areas.
- Knowledge of best practices and strong security controls over cloud environments (AWS, Azure, GCP, etc.) or Artificial Intelligence (AI)/Machine Learning (ML) technologies and their security implication.
- Proficient in reviewing security vulnerabilities identified from different platforms such as middleware/container/automated pipelines with experience to independent assess the end-risk and root cause for each of the vulnerabilities.
- Knowledge of cyber security risks, assessments, reports and frameworks such as those published by leading organizations (e.g. NIST, ISO 27001, SOC 2 Type II, etc.) is an asset.
- Strong analytical skills that lead to accurate conclusions.
- Strong project management skills and solutions driven.
- Excellent written and communication skills.
- Experience using data analytics tools is an asset.
- Prior Big 4 firm and insurance industry experience is an asset.
- For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
Benefits
- Flexible work arrangements and a hybrid work model
- Possibility to purchase up to 5 extra days off per year
- Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
- Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Join NVISO as a Cloud Security Consultant (Jr.) focusing on Azure/Microsoft 365 security solutions. Collaborate to understand and address cyber security requirements for clients.
Information Security Officer responsible for managing company cybersecurity and compliance. Developing security strategies and processes within an IT service provider for the food and beverage industry.
Cyber Security Engineer designing and developing secure web applications and cybersecurity tools for ADI Global Distribution. Collaborating with international teams and continuous professional growth support.
Cyber Security Engineer designing and developing cybersecurity solutions for ADI Global Distribution. Combining secure software development, cloud engineering, and modern testing practices in a supportive environment.
Cybersecurity GRC Lead enhancing Industrial IoT security at Emerson; overseeing EU - wide product safety governance framework.
Senior Cyber Security Engineer within Security Operations leading SOC enhancements and advanced analytics. Focus on driving automation and intelligence - driven operations.
Technical Security Expert at Spendesk enhancing security for one of Europe's fastest - growing fintechs. Collaborating with teams to embed security in every project while staying ahead of threats.
Lead Security Engineer driving security initiatives that embed secure - by - design principles at Pipedrive. Collaborating with teams to strengthen security posture across platforms and products.
Lead Security Engineer driving security initiatives for cloud - based software company. Focused on scalable tooling for automated detection and response while mentoring security engineers.