We are banking at another level.
Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.
Choosing BDC as your employer also means:
Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few
Paid vacation each year, plus five personal days, sick days as necessary, and offices closed from December 25 to January 1
A hybrid work model that truly balances work and personal life
Opportunities for learning, training and development, and much more...
The Line of Business Advisory Specialist (BISO) - InfoSec will contribute to the successful development and execution of BDC’s overall First Line of Defense IT Tech Risk program, designed to give customers, our shareholder, management, and regulators confidence that BDC operates in a proactive, well-managed, and risk-conscious manner, by serving as a conduit between the respective business and InfoSec teams.
Additionally, this position will support the continuous elevation of the cyber risk posture of BDC and the designated Line of Business by promoting a cyber-aware culture, raising awareness of BDC’s Information Security policies and cyber best practices, and working towards the identification and reduction of risks in business operations.
CHALLENGES TO BE MET
Support business strategy by aligning with InfoSec security tools/services
Gather insights for InfoSec from businesses to influence CISO strategy and facilitate development of security tools/services to enable business objectives
Provide advice/support to business executives on a wide array of cybersecurity matters (e.g., selection of third parties, raising awareness on new technologies)
Support the LoB and CISO in optimizing costs for establishing and operating security tools by finding opportunities to re-use existing tools/services and leveraging Enterprise tools/technologies as necessary
Build and enhance the function brand and act as a trusted advisor to the business
Improve BDC’s understanding of risk and how to operate in a risk-conscious environment
Deliver in-depth risk assessments/reviews, including identifying and documenting risks and controls, creating detailed process flows and assessing the implementation
Support in the ownership, accountability, oversight, and roadmap of the Tech Risk service
Serve as the LoB point of contact in case of cyber incidents and coordinate a response by bringing business, cyber and other teams together as necessary
Develop, monitor, and report business specific cyber KPIs and KRIs to relevant stakeholders and committees
Provide guidance to third-party partners in implementing cyber controls for risk remediation, and assist business teams in explaining the impact of identified risks to enable effective decision-making
Collaborate with Enterprise teams to provide data-driven cyber risk insights to business for effective risk management (e.g., zero-day vulnerabilities and their impact on BDC, impact of BDC on failure of key service providers)
Provide recommendations to business application owners on risk events and their potential impact to facilitate risk-informed decisions
Support Enterprise teams in the identification of risk owners for business assets and ensure that the risk owners are aware of risk impacts
Facilitate business and technology participation in incident response tabletop exercises as needed, and support identified remediation activities
Raise awareness for risk ownership and decision making focused on risk reduction while meeting business objectives and in accordance with BDC risk management framework
Lead cybersecurity assessments to meet internal (high risk) and external risk reporting/compliance requirements
Collaborate with Cyber Operations to monitor the external threats and regulatory environment related to the business to ensure appropriate coverage and mitigation of risks through policies and strategies
Collaborate with InfoSec to build and maintain relationships with regulators and financial institutions to facilitate the exchange of information and ideas
Raise the bar for cybersecurity awareness within business executives by promoting targeted learning and awareness campaigns (e.g., spear phishing)
WHAT WE ARE LOOKING FOR
8+ years of experience in information security, technology risk, or related field
3+ years of experience in communicating and reporting to executive leaders
3+ years of experience working with teams in managing financial products
Professional certifications in information security (e.g., CISSP, CCSP, CISM) are an asset
Knowledge of IT-related frameworks (i.e., NIST CSF, COBIT, ISO27001/27002)
Understanding of SDLC gates, vulnerability severity (CVE), risks and potential impacts
Understanding of business processes, transformation initiatives and associated cyber needs within the financial services industry
Ability to operate in a cross functional team environment, and to manage multiple complex priorities and competing agendas of different teams
Ability to interpret/translate information security policies, standards, technical cybersecurity controls and requirements to business teams and leaders
Ability to articulate cybersecurity risks and impacts into business terms
Ability to communicate with executive leadership and present reports, metrics etc.
Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at
While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.