Security Governance III, Toronto

The role is responsible for leading the penetration test quality assurance program across global markets, ensuring consistency, regulatory alignment, and risk oversight. The position requires reviewing penetration test reports, driving process automation, managing vulnerability records, and advising stakeholders on remediation strategies. In addition, the role will oversee AI-related security issues, build automation frameworks, and deliver training programs to IT engineers and penetration testers. This position provides the opportunity to work with global teams, contribute to AI-driven initiatives, and engage directly with senior leadership and regulators.KEY RESPONSIBILITIES Assess web application penetration test standards in line with enterprise security standards and risk appetite. Promote improvement of global penetration testing processes and governance models. Review and challenge cybersecurity controls including DLP, IAM, cloud configurations, and third-party dependencies.Oversee penetration test processes across Asia and North America markets, ensuring regulatory compliance and quality assurance. Provide remediation advisory services to internal clients on vulnerabilities. Maintain centralized vulnerability records and dashboards using JIRA, SharePoint, Power BI, and Excel VBA.Lead and address AI-related security risks including bias, adversarial attacks, prompt injection, and hallucination. Build and maintain AI agents for penetration test quality assurance. Design and manage automation of penetration testing processes and reporting. Present quarterly risk insights to the Board of Directors.Deliver training sessions to IT engineers and penetration testers on application security risks and best practices. REQUIRED QUALIFICATIONS

Bachelor’s degree in Information Systems, Computer Science, or related field. Minimum 8 years of experience in cybersecurity, IT audit, or application security risk, with at least 3 years in a leadership role (negotiable). Experience in financial services or regulated environments preferred. Knowledgeof audit methodologies, control frameworks, risk management practices, and regulatory requirements relevant to the technology risk domain.Strong proficiency in Power BI, Power Automate, Excel VBA, and SharePoint. Familiarity with penetration testing tools such as Burp Suite and Kali Linux. Deep understanding of cybersecurity frameworks (e.g., OSFI B-13, NIST). PREFERRED QUALIFICATIONS

Excellent communication and stakeholder management skills. Strong analytical and problem-solving abilities. Ability to lead cross-functional teams and drive strategic initiatives. Experience working in diverse and global environments with strong cultural awareness. CERTIFICATIONS

At least one required: CISSP, CISA, CISM, or CRISC.

#J-18808-Ljbffr