Threat Risk Assessment Specialist

Questrade Financial Group (QFG) of Companies is committed to helping our customers become much more financially successful and secure.

We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, there are flexible working arrangements so you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at Questrade.

What’s it like working as a Threat Risk Assessment Specialist at Questrade?
As a Threat Risk Assessment Specialist, you will be working in the CISO function and reporting to the Manager, Cybersecurity Risk.
Your primary activity is to perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, qualify and quantify the risk and potential impacts in line with existing methodologies and industry best practices.
You will collaborate with other teams and third parties to identify weaknesses and potential attack vectors. You will document your findings and recommended enhancements or compensating controls that will reduce the residual risk and enable the initiatives to proceed within Questrade cyber risk tolerance.
Need more details? Keep reading…
In this role, responsibilities include but are not limited to:
• Perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, qualify and quantify the risk and potential impacts in line with existing methodologies and industry best practices
• Review firewall rule change requests to identify potential risks and exposures
• Support the cybersecurity threat risk assessment program and assist in the improvement of the underlying processes to support the rapid pace of business and technology changes in support of our Agile methodology
• Drive continuous risk reduction by collaborating with internal cybersecurity and IT teams to assess proposed changes against compliance with Information Security Policy and Standards and adherence to best practices
• Work with internal subject matter experts to undertake an in-depth analysis of risks and provide risk mitigation guidance
• Influence and encourage stakeholders to prioritize and execute risk management initiatives and drive remediation of process and risks
• Support the end-to-end operation of the threat risk assessment (TRA) program
• Continuously identify TRA process gaps and opportunities for improvement to efficiently yet safely support the rapidly growing organization
• Organize, track and retain detailed risk assessment documentation
• Participate in team meetings and contribute to technical discussions, track time and activity
• Support the Cybersecurity Risk team and wider CISO function on ad-hoc projects
So are YOU our next Threat Risk Assessment Specialist? You are if you…
• University/Community College Business Administration, Information Technology or Engineering degree/diploma (or equivalent) or equivalent work experience
• Experience with performing Cybersecurity Threat Risk Assessments TRAs
• An understanding of firewall rules and access control lists (ACLs) and how to assess them from a risk perspective
• Knowledge of cybersecurity, networks, operating systems and applications
• Knowledge of cybersecurity risk frameworks such as DoD RFM, OCTAVE FORTE, FAIR, NIST 800-30, and NIST 800-39
• Knowledge of cybersecurity controls, frameworks and principles such as NIST CSF, CIS CSC, PCI DSS, OWASP, S-SDLC, Agile
• Strong understanding of cybersecurity technical controls, broad knowledge of associated risks, attack vectors and mitigation techniques
• Ability to qualify and/or quantify cybersecurity risks by applying formalized threat risk assessment methodologies
• Excellent English communication skills (written and oral)
• Strong analytical and problem solving skills
• Strong self-discipline and self management skills, able to work effectively on your own and in a team setting
• Strong desire to stay current on the security landscape, threat vectors and assessment of new security trends
Sounds like you? Click below to apply! #LI-CP1

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.