QTG - Cybersecurity, Cyber Strategy & Risk - Threat Risk Assessment Specialist

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, ThinkInsure, Zolo, and Flexiti, provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, insurance, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.

We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.

What’s in it for you as an employee of QFG?

• Health & wellbeing resources and programs
• Work-life balance
• Career growth and development opportunities
• Opportunities to contribute to community causes
• Work with diverse team members in an inclusive and collaborative environment
  
  

We’re looking for our next Threat Risk Assessment Specialist. Could It Be You?

As a Threat Risk Assessment Specialist, you will be working in the CISO function and reporting to the Manager, Cybersecurity Risk.

Your primary activity is to perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, and qualify the risk and potential impacts in line with existing methodologies and industry best practices.

You will collaborate with other teams and third parties to identify weaknesses and potential attack vectors. You will document your findings and recommended enhancements or compensating controls that will reduce the residual risk and enable the initiatives to proceed within Questrade cybersecurity risk appetite.

Need more details? Keep reading…

In this role, responsibilities include but are not limited to:

You will focus your knowledge of cybersecurity and threat risk assessment methodologies in the following areas:

• Perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, qualify and quantify the risk and potential impacts in line with existing methodologies and industry best practices
• Review firewall rule change requests to identify potential risks and exposures
• Support the cybersecurity threat risk assessment program and assist in the improvement of the underlying processes to support the rapid pace of business and technology changes in support of our Agile methodology
• Drive continuous risk reduction by collaborating with internal cybersecurity and IT teams to assess proposed changes against compliance with Information Security Policy and Standards and adherence to best practices
• Work with internal subject matter experts to undertake an in-depth analysis of risks and provide risk mitigation guidance
• Influence and encourage stakeholders to prioritize and execute risk management initiatives and drive remediation of process and risks
• Support the end-to-end operation of the threat risk assessment (TRA) program
• Identify TRA process gaps and opportunities for improvement to efficiently yet safely support the rapidly growing organization
• Organize, track and retain detailed risk assessment documentation
• Participate in team meetings and contribute to technical discussions, track time and activity
• Support the Cybersecurity Risk team and wider CISO function on ad-hoc projects
  
  

So are YOU our next Threat Risk Assessment Specialist? You are if you…

• University/ College Business Administration, Information Technology or Engineering degree/diploma or equivalent work experience
• Experience with performing Cybersecurity Threat Risk Assessments TRAs
• An understanding of firewall rules and access control lists (ACLs) and how to assess them from a risk perspective
• Knowledge of cybersecurity, networks, operating systems and applications
• Knowledge of cybersecurity controls, frameworks and principles such as NIST CSF, NIST 800-53, CIS CSC, PCI DSS, OWASP, S-SDLC, Agile
• Knowledge of cybersecurity risk frameworks such as DoD RFM, OCTAVE FORTE, FAIR, NIST 800-30, and NIST 800-39
• Strong understanding of cybersecurity technical controls, broad knowledge of associated risks, attack vectors and mitigation techniques
• Ability to qualify and/or quantify cybersecurity risks by applying formalized threat risk assessment methodologies
• Excellent English communication skills (written and oral)
• Strong analytical and problem solving skills
• Strong self-discipline and self management skills, able to work effectively on your own and in a team setting
• Strong desire to stay current on the security landscape, threat vectors and assessment of new security trends
  
  

Sounds like you? Click below to apply!

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Questrade Financial Group of companies Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.

Apply Now