Information Security Officer

Hybrid model - In-office presence on Wednesdays only)

BrainFinance is a leading financial technology company that provides responsible and constructive credit solutions to consumers.

We are redefining access to credit through our revolutionary technology that utilizes machine learning and automation capabilities to offer better and simpler financial services to everyone.

A true innovation lab, our team consists of financial experts, data geeks, mathematicians, computer scientists, and software engineers, all working together to bring fair and transparent credit solutions to the masses.

Here's what we're looking for

As an Information Security Officer ( ISO ) , you will be the key defender of the organization’s IT infrastructure, safeguarding systems and data from security threats.

You'll lead the management of security solutions, conduct assessments, and implement strategies to ensure strong protection.

Acting as the primary responder to incidents, you’ll work closely with cross-functional teams to strengthen the company’s security posture.

You’ll also ensure compliance with industry standards and Canadian regulations, particularly in the financial sector, while educating staff on best practices and staying ahead of emerging threats to keep the organization secure.

Your daily responsibilities

• Lead the development and implementation of information security strategies, policies, and standards;
• Ensure compliance with Canadian regulatory requirements for information security and risk management in financial institutions;
• Provide guidance and support to staff on security best practices, policies, and processes, fostering a culture of security awareness and compliance;
• Stay up to date on emerging threats, technologies, and regulatory changes in the financial industry, incorporating them into security strategies and initiatives;
• Overseeing penetration tests to identify vulnerabilities and recommend solutions;
• Collaborate with management and the IT department to enhance security measures;
• Document and assess the impact of any security breaches;
• Educate employees on security software and best practices for information security;
• Proactively identify, assess, manage, and mitigate potential security threats;
• Support the company’s incident response plans and contribute to continuous improvement;
• Evaluate information security systems, methods, and practices for effectiveness;
• Track and monitor security-related issues and regularly assess the network perimeter for intrusions;
• Execute testing engagements according to established standards to ensure timely completion;
• Conduct thorough research and analysis during testing engagements;
• Collaborate with key stakeholders throughout testing initiatives;
• Follow up on findings from testing engagements in line with established protocols.;
• Identify matters requiring further attention, escalation, or review, and liaise with the appropriate groups to resolve them;
• Demonstrate a strong understanding of compliance with information security requirements;
• Adhere to internal policies, technology control standards, and applicable regulatory guidelines;
• Foster a strong culture of technology risk management across the organization, influencing behavior to reduce risk.

Your skills and experience

• Bachelor’s degree in Computer Science, Information Security, or related field;
• 5+ years of experience in a similar role;
• Hands-on experience with security tools and handling cybersecurity incidents;
• Strong knowledge of network / system security protocols, vulnerability scanning, and penetration testing;
• Understanding of compliance frameworks (NIST, ISO) and regulatory standards;
• Familiarity with cloud security and risk assessment methodologies;
• Experience mitigating information security risks (fraud, compliance, KYC, insider risk);
• Proven ability to lead cross-functional teams and drive security initiatives;
• Strong analytical and problem-solving skills;
• Experience drafting complete case investigation notes for senior leaders;
• Detail-oriented with the ability to audit security controls and protocols.

Perks and benefits

• Group Insurance (Health and Dental)
• Retirement Savings Plan (RSP)
• Virtual healthcare
• Employee Assistance Program (EAP)
• Hybrid - Office / remote (the team is in the office on Wednesdays)
• Additional Days off (Moving day, Birthday, 5 personal days)
• Health and Wellness Program
• Office perks : Event Coordinator responsible for social activities, 5-7, snacks provided, yoga and meditation room
• Paid subscription to training tools
• Benefits for public transportation (Bixi, Opus)
• Modern open plan office with pin pong, and pool table
• A friendly and relaxed working environment
23 hours ago