- Company Name
- The Canadian Real Estate Association | L'Association canadienne de l'immobilier
- Job Title
- Risk and Security Operations Specialist
- Job Description
-
Job title: Risk and Security Operations Specialist
Role Summary: Protect the organization’s infrastructure, data, and operations by continuously monitoring security events, responding to incidents, performing threat and risk analysis, and ensuring compliance with security standards. Collaborate with IT, development, and business units to embed security into all processes and improve the overall security posture.
Expectations: • Maintain 24/7 monitoring of security controls.
• Identify, investigate, contain, and remediate security incidents promptly.
• Conduct risk assessments, vulnerability scans, penetration tests, and security audits.
• Keep current with evolving threats, frameworks, and best‑practice methodologies.
• Communicate findings and recommendations effectively to technical and non‑technical stakeholders.
Key Responsibilities: • Monitor SIEM, firewalls, IDS/IPS, and other security tools for alerts and anomalies.
• Lead incident response lifecycle—investigation, containment, eradication, recovery, and post‑incident review.
• Develop and maintain incident response policies, playbooks, and tabletop exercises.
• Perform regular security assessments (vulnerability scanning, pen‑testing, audits).
• Analyze threat intelligence, identify risks, and propose mitigation strategies.
• Ensure adherence to SOC2, ISO 27001, CIS Controls, NIST frameworks and institutional policies.
• Assist in internal and external audits, preparing evidence and documentation.
• Embed application security into the SDLC: code reviews, threat modeling, static/dynamic tests.
• Integrate automated security checks into CI/CD pipelines and promote DevSecOps practices.
• Prepare detailed reports on incidents, trends, and security posture for management.
Required Skills: • Strong knowledge of cybersecurity principles, threat modeling, and risk assessment.
• Hands‑on experience with SIEM (e.g., Splunk, QRadar), firewalls, IDS/IPS, endpoint detection and response.
• Proficiency in vulnerability management tools (e.g., Nessus, Qualys) and penetration testing.
• Skilled in incident response, forensics, and post‑incident analysis.
• Familiarity with SOC2, ISO 27001, NIST SP 800‑53, CIS Controls and SOX/PCI‑DSS.
• Understanding of secure software development lifecycle, OWASP Top 10, OWASP ASVS, and DevSecOps principles.
• Excellent analytical, problem‑solving, and communication skills.
• Ability to manage multiple priorities, work independently and collaboratively.
Required Education & Certifications: • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity or related field.
• Certifications preferred: CISSP, CISM, CEH, CRISC, CompTIA Security+, or equivalent.
• Demonstrated experience in security operations, incident response, or risk management.