Mitre Attack Framework jobs

We are hiring a Senior Manager, Security Architecture and Operations!
Reporting To: Assistant Vice President
Full-Time/Part- Time: Full-time
Salary Range: $130,000-$150,000
Posting Date: June 4, 2026
Closing Date: June 18, 2026
Hours of Work: 8:30 a.m. – 5:00 p.m.
Grade: 16.4
Office Location: Toronto, ON Great location! Steps away from the main public transit station

What we offer:
Highly competitive compensation package which includes, base salary, bonus, benefits, and career advancement opportunities!

• Eligibility for benefits is dependent on the terms of employment

The Opportunity
A strategic and integral member of the Information Security Team, reporting to the AVP, Information Security is responsible for ensuring the security, integrity, and availability of First National information assets. The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of the security controls, through people, processes, and technology, across the organization.

This role requires the following skills:

• Knowledgeable about architecture & design principles, network security, application security, vulnerability management, and incident management principles.
• Assess the threat landscape and work internally to protect the organization from risk.
• Must be highly technical and possess at least 8 years' experience in security operations and system design across on-premise infrastructure, cloud infrastructure, applications, and user endpoints infrastructure.
• Effective and dynamic communicator.

Primary Duties and Responsibilities:

• Maintain secure, resilient enterprise-grade processes in tandem with various IT stakeholders, such as, Information Security, IT Infrastructure and Operations, Application Development, etc.
• Maintain oversight of security systems and security configuration administration to adequately respond to risk to enterprise systems and accounts, both on-premise and the cloud.
• Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats.
• Prepare period reports to Information Security and IT Leadership to showcase the current security posture of our Information Security Program
• Protect systems in compliance with Information security policies and standards such as ISO 27001 and SOC2.
• Manage a team of Information Security professionals across multiple programs.
• Influence internal and external partners to ensure they build solutions consistent with the organization's planned policies, programs, architectural recommendations, and Information Security standards, including within the cloud.
• Attend regular technical project and implementation meetings and serve as the security ambassador to help guide secure application and infrastructure configurations, for on-premise and cloud systems.
• Manage the day-to-day activities of threat and vulnerability management, recommend treatment plans, and communicate information about risks.
• Support in the documentation of risks and mitigating controls, including policy/procedure updates.

Security Operations and Incident Management Program

• Lead the implementation, configuration, and daily operation of Information Security technologies that are implemented in First National’s environments.
• Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement within the department; and within the organization, from a technical standpoint.
• Orchestrate the incident response process within the department, and work with key stakeholders within the department to respond, resolve and recover from the incident.
• Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve security operations processes.
• Act as an active participant within Incident Tabletop exercises
• Streamline, mature and automate (where applicable), the Incident Response playbooks and processes within the organization.

Vulnerability Management Program

• Analyze threat and vulnerability feeds data for applicability to the environment and perform compensating controls analysis and validate efficacy of existing controls and provide recommendations.
• Lead the team to perform security research, analysis, assessments and support with penetration testing and remediation actions. This includes:
• The external and internal coordination of periodic penetration testing and remediation tracking
• Conduct application and network vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans.
• Work with IT stakeholders to guide and assist them during the remediation process.
• Develop and mature the Offensive Security Program that entails, web application penetration testing, red/purple teaming, etc.

Application Security Program

• Ensure coverage and remediate of secure code review with Application Development stakeholders (including SAST & DAST)
• Work with the Application Development leadership and delivery teams to integrate security controls within the development pipeline ensuring an efficient development process with early security control gates.
• Working with IT groups to define, develop, socialize, and execute long-term application security roadmap.
• Assisting in the evaluation, selection, onboarding, and management of AppSec vendors and tools.

Threat Modelling

• Perform periodic threat modelling and maintain the model for currency and tracking of any risk remediation activities.
• Assess information technology control elements to mitigate IT security risks regarding the confidentiality, integrity and availability of information and assets.

Audit and Compliance Management

• Support the Information Security Department to provide adequate evidence to support the audit and provide responses for remediations.
• Provide guidance and supervision on Information Security compliance to ensure Security controls are functioning appropriately within the organization.
• Advise on development and implementation of Information Security metrics, measurement criteria and reporting to ensure compliance and continuous improvement.
• Perform periodic compliance reporting to provide assurance of coverage and effectiveness of controls, such as, but not limited to
• Secure configuration audits to complement the on-going Infrastructure and Application Vulnerability Management program.
• Certificate scanning and work with the internal stakeholders to address any issues.
• Review and tracking of firewall rule base review.
• Configurations of Web Application Firewalls (WAF)

Education/Certification/Experience Requirements:

• 3+ years of experience with Microsoft Azure platform capabilities, best practices with architectures, and security toolsets.
• 3+ years Security System administration and engineering experience in on-premise and/or cloud infrastructure.
• 2+ years of SOC experience or responding to traditional or cloud based cyber security investigations.
• Candidates with certifications such as CCSP, CISSP, or CISM, are preferred.
• Experience with MS Sentinel, and Microsoft suite of security products, such as, but not limited to, Defender for Endpoint, Defender for Identity, Defender for cloud, etc.
• Experience in incident response and forensics a strong asset.
• Familiarity with the MITRE ATT&CK framework.
• Fundamental network security understanding.

Skills and Attributes:

• Track record of planning and executing complex work efforts.
• Strong interpersonal communication, analysis, and writing skills.
• Ability to align management and leadership strategies when working on projects.
• Ability to work effectively with business unit and IT department managers, including Application Development, Infrastructure, Operations, Network, Technical Support, and others.
• Superior verbal and written communication skills.
• Must be a team player.

Why join First National?

• Competitive Compensation
• Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
• Extensive training programs to set our employees up for success
• Modern office environment conducive to collaboration
• Supportive teamwork culture
• Opportunities to give back to the communities and work through events focused on a variety of charities
• Ongoing social events throughout the year

The team you’ll join:
Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada’s largest commercial mortgage lender.
First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applications for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.

Artificial Intelligence is not used in our recruitment or hiring process for this role.
First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at accessibility@firstnational.ca should you need an accommodation at any point in the recruitment process.

#FNLOON