Why Meridian?

At Meridian our aspiration is to integrate our purpose into everything we do for people, the planet, and communities. We believe that our greatest opportunity is to create opportunity and meet people where they are.

Factor us into your next career opportunity. We want you to grow with us and have an experience that’s different. This is a place where you can expect the unexpected. 

Find our story here: About Meridian

The role:

This role provides advanced information security subject matter expertise to the organization through both strategic and operational projects and initiatives. This role works with IT resources, senior management, Security Analysts, and business units from across the organization to advise on information security related architecture, systems, standards, and processes.  The role works with business owners to understand business requirements and identify the appropriate controls that meet identified risk tolerances.

The role takes a leadership position in the development of security strategy and annual planning.  This role drives the maturity and execution of the organizations Vulnerability Management, Metrics, Risk Assessment, Incident Response and Security Awareness programs.

Is this role right for you? In this role, you will:

 

Vulnerability Management

Identify, evaluate, track and report on current threats to environment based on known vulnerabilities, exploits and the IT controls and technologies deployed in the organization. Coordinate and perform vulnerability testing on a cross section of IT systems, networks and applications, to identify gaps in security and recommend courses of action to mitigate any apparent risks, strengthening operational security. Review, analyze and document systems, network and application security vulnerabilities. Recommend remedial actions, and work with system owners, custodians and business partners to develop plans and timelines to address risks. Implement and prioritize the scheduling of remediation items to resolve security exposures in the environment, performing follow up with appropriate parties to ensure completion and mitigation of risk. Monitor vulnerability business metrics and produce regular security reporting.

 

Incident Response

Develop and maintain Meridian’s Information Security Computer Incident Response capability, procedures, and processes. Monitor reported information security events, and Information Security Intelligence on a daily basis, and ensure critical events are immediately escalated and documented in order to quickly respond and protect against threats to the organization’s information assets Conduct investigations into information security incidents, perform root cause analysis (where applicable), identifying threats and mal intent towards Meridian. Assist in the development of Meridians Information Security Incident Response Systems and Systems Security Architecture, including Meridians enterprise intrusion detection, security event management, and Data Loss prevention systems. Effectively liaise and communicate with key business stakeholders and management regarding information security incident events and trending. Create threat intelligence reporting and awareness on incidents both internal and external to the organization written in business terms and outlines risks, impacts, and delivered in a timely manner. Identify, establish and maintain key business metrics for Incident Response and produce regular security reporting. Monitor third party security events and metrics and will work with vendor managers to remediate issues and mitigate risks identified

 

Application Security

Provide subject matter expertise to management on emerging threats and the external threat landscape relating to application security. Contribute to the strategic direction for security related technologies to reduce the threat levels and improve Meridian's cyber security posture. Develop application security policies, standards, and processes to mature the security of organizational SDLC. Plan and execute on initiatives that improve security by integrating security controls into the organization’s SDLC processes. Drive security awareness activities for development teams across the organization.

Security Risk Assessments

Effectively work with Business owners and stakeholders to understand business requirements and identify security requirements for new and existing business processes, technologies, and initiatives. Perform Information Security risk assessments across a wide range of strategic and operational business projects and initiatives, in consultation with all relevant business stakeholders. Assist in the design of information security controls and development of standard security configurations, around new and existing information systems, and processes. Identify, evaluate, and report on current threats to environment based on known vulnerabilities, exploits and the IT controls and technologies deployed in the organization. Assist in the prioritization and scheduling of remediation items to resolve security exposures in the environment, performing follow up with appropriate parties to ensure completion and mitigation of risk.

Security Standards and Processes

Review Information Security related standards, procedures and documented controls, to identify gaps and recommend process improvements.  Coordinate activities to mitigate and respond to any identified risks. Ensure standards, procedures, checklists, guidelines and processes are developed and aligned to organizational security policy, industry best practices and are tailored to effectively meet the specific business requirements of the organization. In partnership with internal business units and staff across the organization ensure that corporate information security policy; standards and practices are embedded in projects/initiatives, new implementations and operational tasks. Define and document security configurations and operational security standards for systems and applications. Provide leadership in the analysis and identification of operational risk in configurations and procedures for existing and newly introduced systems and processes. Review, investigate and liaise with audit compliance team to report on the compliance with established policies and standards. Lead the security exception and exemption process, ensuring controls comply to policy and standards and recommending appropriate courses of action where policy and standards cannot be met.

Knowledge, Skills, and Abilities

Understanding of common networking protocols and services and their relevant security issues. Understanding of operations system and network security weaknesses, vulnerabilities and remediation. Ability to research, analyze and resolve complex problems and escalate issues as appropriate. Working knowledge of access control systems, cryptography, telecommunications, network and internet security, application security physical and operations security. Strong analytical skills. Effective problem solving skills are required to address issues and conflicts that arise between business processes and security requirements when integrating security standards into day to day business operations. Strong communications skills are required in working with business partners and staff from all areas of the organization 4-5 years of working experience working in an enterprise information security environment. Bachelor’s or College Degree in Computer Science or Information Security Governance related field. Certifications in CISSP, Ethical Hacking.

Office Location: Toronto OR  St. Catharines Corporate Office

Meridian has a remote work policy that allows flexibility for employees to work remotely but also requires regular time in the office for purposeful meetings to collaborate, innovate and build effective relationships with your team, your colleagues and your leader which is very important to us.
 

What's in it for you?

We have an inclusive and collaborative working environment that encourages creativity, curiosity, and celebrates success! We provide you with the tools and technology needed to delight your candidates and clients! You'll get to work with and learn from diverse industry leaders, who have hailed from top organizations around the world Hybrid work arrangements with in-person office time to collaborate, innovate and build relationships with your colleagues This isn't your typical "corporate" job. We work hard and we have fun!

 

Who we are:

Meridian is Ontario’s largest credit union, and second largest in Canada, helping to grow the lives of our more than 360,000 Members. Meridian has more than 75 years of banking history and is 100% owned by its members. With 89 retail branches and 15 Business Banking Centers across Ontario and $ 30B in assets under management, Meridian offers a full range of financial products and services to its retail, business banking and wealth members. With over 2000 employees and corporate offices located in Toronto and St. Catharines, Meridian has a track record of creating and delivering innovative new offerings and is committed to investing in the communities that we serve.  Our plan is to build on our momentum as we deliver on our purpose - helping our members achieve their best life. 

Find our story here: About Meridian

 

Experience the Difference!

Meridian committed to promoting an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to employing a workforce that reflects the diversity of our communities and Members in which we live and serve.

Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, or disability.

Please note that due to the volume of applications, only those under consideration will be contacted for an interview.

Thank you for your interest in Meridian Credit Union. 

Follow us on Twitter at

@MeridianCareers

Connect with us on LinkedIn

#LI-NM1

#LI-HYBRID