Job Specifications
IT Risk & Security Operations Specialist
Reports To: Team Lead, IT Risk & Security
Duration: 12-month contract
Effective: ASAP
About Us
REALTOR.ca is a cornerstone of Canada’s real estate market, dedicated to helping millions of Canadians find attainable housing across the country. As the leading real estate platform in Canada, we offer the most comprehensive listings and resources to assist consumers in finding their dream homes. At REALTOR.ca, we are committed to supporting REALTOR® members’ businesses and fostering consumer trust and loyalty. Our dedication to delivering value and continuously adapting to market demands ensures that REALTOR.ca is more than just a listing service- it is the heart of the Canadian real estate experience. Join us and be a part of a team that is at the forefront of the real estate industry, making a significant impact on the lives of Canadians every day.
Position Overview
The IT Risk and Security Operations Specialist is responsible for detecting, preventing, and remediating security threats and incidents through the implementation and management of preventive measures, controls, policies, and tools. This role also involves collaborating with other teams to protect the organization's infrastructure, systems, and data, ensure compliance with security policies, and maintain the overall security posture of the organization. It requires a strong understanding of cybersecurity principles, leadership skills, and effective incident response capabilities.
Core Competencies
Attention to Detail: Keen eye for identifying anomalies and potential security threats
Proactive: Ability to anticipate security issues and take preventive measures
Flexibility, time management skills and ability to prioritize and deliver on time
Key Responsibilities
Monitor Security Systems : Continuously monitor security alerts and events from various sources, including SIEM, firewalls, IDS/IPS and other security tools. Ensure timely detection and response to potential security incidents.
Incident Response : Investigate and respond to security incidents, such as malware infections, unauthorized access, and other security breaches. Coordinate with other teams to contain and remediate incidents, ensuring minimal impact on operations. Document incidents thoroughly, conduct post-incident analysis to improve future response efforts, and develop, implement, and maintain comprehensive incident response policies and processes. Conduct regular tabletop exercises to test and improve these plans.
Threat and Risk Analysis : Analyze and assess potential security threats, vulnerabilities, and risks to the organization. Conduct regular risk assessments to identify and prioritize risks. Provide actionable recommendations for improving security measures and mitigating identified risks. Stay informed about emerging threats and adapt strategies accordingly.
Compliance: Ensure compliance with relevant security standards, policies, and regulations, such as SOC2, ISO 27001, CIS Controls, and NIST frameworks. Assist in internal and external audits and assessments, providing necessary documentation and evidence of compliance. Implement and maintain security policies and procedures to meet regulatory requirements.
Regular Security Assessments : Conduct regular security assessments, including vulnerability scans, penetration tests, and security audits, to identify and address potential weaknesses. Use the findings to enhance the organization's security posture and reduce risk.
Collaboration and Communication : Work closely with other teams and stakeholders to ensure security measures are integrated into all business processes. Communicate effectively to raise awareness and understanding of security policies and procedures.
Continuous Improvement : Stay up to date with the latest security trends, technologies, and best practices. Participate in training and development opportunities to enhance skills and knowledge. Contribute to the continuous improvement of security processes and tools by providing feedback and suggestions based on hands-on experience and industry developments.
Application Security: Collaborate with development and DevOps teams to integrate security into the software development lifecycle by conducting code reviews, threat modeling, and regular static and dynamic application testing. Ensure applications and APIs are protected against common risks such as the OWASP Top 10, while also managing the security of third-party libraries, APIs, and open-source components. Drive the adoption of DevSecOps practices by embedding automated security checks into CI/CD pipelines, and recommend hardening measures for application servers, middleware, and containers to strengthen the overall security posture.
Reporting: Prepare and present detailed reports on security incidents, trends, and the overall security posture to management and other stakeholders. Use these reports to highlight areas of concern, track progress on securit