AddressIGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $271 billion in total assets under managements. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management, Mackenzie Investments and Investment Planning Counsel.
Under IGM Financial’s unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967. Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support.
At Mackenzie Investments You Can Build Your Career with Confidence.
We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians. We are proud to be recognized as one of Greater Toronto’s Top Employers (2022) by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.
Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities. We are dedicated to offering a hybrid work environment when applicable.
Mackenzie Investments is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.
Role & Responsibility
IGM is looking for experienced cross-functional subject matter experts to drive best-in-class security advisory services, to support the design, implementation, and deployment of secure-by-design security controls in technology solutions that align to corporate security standards, policies, and industry regulations across IGM. The candidate is expected to support IGM teams to provide expert advice to support efforts for protecting the data, systems, applications, and critical information.
Mandatory: The candidate must have hands-on experience in computer or software engineering in their previous careers that include the Design, Build, Operationalization and of technology solutions.
Essential Responsibilities
- Provides support to IGM Technology and Business Groups by ensuring alignment with Information Security standards and policies with a specific focus on implementation of controls in applications, data, cloud platforms, systems, networks and end-point solutions
- Represents Information Security and provides support to IGM Technology and Business Groups by suggesting ways to implement security requirements to protect Company information from intentional or accidental disclosure, modification, or destruction and improve overall Security and reduce Risk
- Creates and publishes security guidelines, design patterns, standards, and best practices and educates IGM Technology and Business Groups for incorporation into applications, data, cloud platforms, and infrastructure solutions
- Consults broadly with the Technology and Business Groups and Enterprise Services to guide and influence implementation of security in technology decisions and initiatives
- Technology Patterns Analysis & Approvals
- Data & Cyber Security Consulting
- Threat & Risk Advisory
- Threat Modeling
- Secure-by-Design Security Requirements
- Zero Trust Models
- Mobile, API, Data, Cloud Application Security Assessments
- Information Security Consultations
- Evaluates existing cloud infrastructure and identify potential threats and gaps in security posture and prioritize remediation efforts
- Supports a balanced approach for security controls and support of governance practices
- Foster strong cross-functional partnerships for consistent delivery through seamless communication and coordination
- Performs research on issues as needed to ensure suggestions meet necessary business security and regulatory requirements
- Seeks industry trends and organization knowledge to understand and implement effective security practices
- Develop security programs by reviewing existing programs; conducting comprehensive reviews of threats; evaluating and analyzing relevant data points
This role must have expertise in the following areas:
Cloud Platform Security
- Cloud security controls:
- Cloud identity
- DNS / CDN / CASB
- Virtual Machine Security
- Container Security: Provide guidance and advice in implementing tools and policies to ensure that container infrastructure, apps, and other container components are protected across their entire attack surface
- Virtualised Security Appliances
- Cloud-to-Cloud Integration
- Monitoring/Log integration
- Segmentation & Environment Isolation
- Participate and contribute to IGM’s SaaS/PaaS/IaaS Strategy
- Contribute to SaaS/PaaS/IaaS Policy and Guidelines
- Governance and Compliance Enforcement
- Provide guidance to IGM Technology and Business Groups for cloud Specific BCP and DR
- SLAs & performance management
- Data ownership, liability, incidents, privacy compliance
- Security assurance
- Management of Shadow IT
- Collaborate and provide guidance to IT Risk teams for cloud risk evaluations
- Microsoft Active Directory and Azure Active Directory
- SharePoint Online and OneDrive
- Exchange Online Protection
- Anti-Spam control
- Anti-Virus Protection
- Advanced Threat Protection
- Phishing & Impersonation Protections
- Email Encryption
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Microsoft Sentinel SIEM
- Microsoft Intune
- Microsoft Defender
Key Areas of Expertise for the Team
The Security Advisory Services team provides expertise in these additional areas:
Application Security
- Secure by Design principles
- Secure Application Development
- Defense-in-Depth
- Threat Modeling
- Design Reviews
- Secure Coding
- Static Analysis
- Security Testing
- Secure Coding Training & Review
- File Integrity Monitoring
- Application Vulnerability Testing
- Inventory of Open-Source Components
- SecDevOps Framework and CI/CD pipeline
- Source Code Supply Chain Security
- Release Management
- GO/NO-GO: Ensuring Compliance to Security
- Data & Process mapping
- Immutable Air Gapped Backups
- Data Access Governance:
- Information Ownership & Custodianship
- Application Access Controls
- Role-Based Access Controls
- Encryption and Key Management Lifecycle
- Encryption & Masking
- Public Key Infrastructure
- Encryption at Rest and in Transit
- Business Partner Access:
- Access Approval
- Access Reviews
- Access Removal
- Identity Federation & Access Automation
- Data Loss Prevention (DLP):
- DLP & Data Classification Policy Enforcement
- Data Loss Channels Configurations
- Data Retention & Destruction
- Hardening
- Patching / Software Updates
- Anti-Malware
- Endpoint Detection & Response
- Desktop Security
- Device Tracking
- Encryption
- PIN / Password Enforcement
- Apps Inventory & Deployment Control
- Containerisation / Data Segregation
- Lost/Stolen Devices
- Cloud Storage of Data
- Security Health Checks
- Network Access Control
- Privileged User Control
- Policy Management
- Access to Corporate Data from Non-Corporate Devices
- Asset Management
- Defense-in-Depth
- Service Continuity & Disaster Recovery
- Hardening & Patching
- Anti-Malware & APT protection
- Backups, Replication, Multiple Sites
- Host Intrusion Prevention System (HIPS)
- Security Monitoring
- Innovation – Exploiting Emerging Tech
- AI, ML & Robotics
- Crypto Currencies
- Blockchain
- 5G
- IOT / Operational Technology security
- Firewalls, IDS, IPS, Full Packet Inspection
- DDoS
- Detection of Misconfigurations
- Secure Remote Access
- Proxy / Content Filtering
- Secure Wireless Networks
- Network Function Virtualisation & SD-WAN
- Physical Access Control & Monitoring
- Intrusion Detection & Response
- Theft Prevention
- Environmental Controls / Power & HVAC
- Information & Communications Technology Controls
- Fire Detection & Suppression
- Redundancy
- BCP / Work Area Recovery sites
- 10+ years of expertise in several Information Security and/or Information Technology disciplines (e.g. Cloud Computing, Platform, Network, Application Development, Penetration Testing, etc.)
- Solid knowledge of cloud technologies and services (GCP, Azure, AWS, Kubernetes and IAM, CI/CD pipelines, Infrastructure as code).
- Demonstrated experience in developing and applying leading security practices in a large-scale Information Security, Technology Risk or Vendor Risk environments
- Advanced working experience with security control frameworks, e.g. NIST CSF, NIST 800-53, ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI DSS, MITRE ATT&CK and CIS Critical Security Controls
- One or more industry recognised security certification(s) (CISSP, CCSP, CISM, CRISC, etc.) is an asset
- Certifications from major cloud providers is nice to have (Google, Microsoft, or AWS) is an asset
- Ability to partner with diverse stakeholders in complex scenarios with excellent liaison, communication, influence, and presentation skills
- Effective communication skills, with the ability to be both assertive and influential, across levels and teams within the organization
- Strategic thinker, skilled at connecting dots across stakeholder teams while facilitating progress through program leadership
- Strong desire to implement change and contribute to the organization
- Knowledge of the Financial Services industry would be an asset
For internal applicants, please share with your current leader your intent to apply to the role. In the event that you are selected, please let your Talent Acquisition Partner know if you are in any other internal recruitment process.
We thank all applicants for their interest in Mackenzie Investments; however only those candidates selected for an interview will be contacted.
Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.
Please apply by February 2, 2023.
