Job Title: Security Governance Analyst
Location: Toronto, ON
Work Mode: Hybrid - 3 days
Contract: 6+ months
Description:
Key Responsibilities
- Assess web application penetration test standards aligning with the enterprise application security standards and risk appetite.
- Promote improvement in the global penetration test process and governance models with the second line of defense, first line control function and local market security functions.
- Review and challenge cybersecurity controls including DLP, IAM, cloud configurations, and third-party dependencies to confirm the security risk reported from a penetration test report.
- Elaborate on the risk and controls of the global penetration test process to internal audit functions and regulators.
- Oversee global pentest processes across Asia and North America markets, ensuring regulatory alignment.
- Drive consistency and quality assurance across all pentest engagements and reporting.
- Advise internal clients on the proper treatment of vulnerabilities as a remediation advisory service.
- Maintain centralized vulnerability records and dashboards using JIRA board, SharePoint, Power BI, and Excel VBA.
- Lead and challenge AI-related security issues including bias, adversarial attacks, prompt injection, and hallucination.
- Build and maintain an AI agent for the penetration test quality assurance program.
- Lead, design and manage the automation of the penetration test process and quality assurance program.
- Maintain the automated risk reporting processes using Power Automate and Power BI.
- Present quarterly risk insights to the Board of Directors.
- Deliver training sessions to IT engineers and pentesters on application security risks and best practices.
Required Qualifications
- Bachelor’s degree in Information Systems, Computer Science, or related field.
- Minimum 8 years of experience in cybersecurity, IT audit, or application security risk, with at least 3 years in a leadership role.
- Experience in global financial services or regulated environments preferred.
- Knowledge of audit methodologies, control frameworks, risk management practices, and regulatory requirements relevant to the technology risk domain.
- Knowledge of relevant regulatory requirements and industry best practices in cybersecurity.
Certifications (Required)
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- CRISC – Certification in Risk and Information Systems Control
Technical Skills
- Strong proficiency in Power BI, Power Automate, Excel VBA, and SharePoint.
- Familiarity with penetration testing tools such as Burp Suite and Kali Linux.
- Deep understanding of cybersecurity frameworks (e.g., OSFI B-13, NIST).
Soft Skills
- Excellent communication and stakeholder management skills.
- Strong analytical and problem-solving abilities.
- Ability to lead cross-functional teams and drive strategic initiatives.
- Demonstrated ability to work effectively in diverse environments and cultures, over a number of geographically dispersed office locations.
- Strong understanding of cultural differences across countries, with good relationship skills, including a demonstrated ability to deal effectively with staff at all levels and in different locations.
Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.
Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more. Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.