Senior Information Security Specialist

We are seeking a security professional for the role of Senior Information Security Specialist who can apply their security knowledge to provide holistic cybersecurity advisory services to the enterprise. In collaboration with our IT team and business partners you will be a part of the technology team responsible for ensuring the safety and resiliency of digital operations.The ideal candidate will define, develop, and implement technology controls and information security policies, programs, and tools. The Senior Information Security Specialist will be comfortable operating in an ambiguous environment and capable on seeking consensus and applying and communicating clear, concise and logical judgement to all levels of the organization.Your contributions to the team:Strategy and Leadership: Design and lead cyber-resilience strategiesImprove organizational preparedness through conducting risk assessments, business impact analyses, and align resilience goals to business objectives. Develop and maintain an incident response plans, continuity strategies, and recovery protocolsProvide expert guidance during security related incidents. Deliver and serve as a subject matter expert on organizational training initiatives related to IT security. Propose, pilot, and implement new security controls based on threat landscape and business risk. Act as a lead expert resource in technology controls / information security for project teams, the business, and vendorsApply advanced knowledge of the organization, technology controls, security, and risk managementDefine and prioritize changes to security tools and platforms; work with IT Operations analysts to implement them; validate effectiveness, track health, and manage integrations across the environmentSecurity Engineering & Zero-Trust Operations:In partnership with Information Technology (IT) Operations analysts (subject matter experts), lead the operation of security tools and platforms by defining configuration intent, tuning backlogs, health standards, upgrade plans, and integrationsImplement Zero-Trust controls: device compliance, least privilege, and network/application segmentation across Microsoft 365 security suite of tools and applicationsMaintain Center for Internet Security (CIS)-aligned baselines and track configuration driftEngineer and evolve controls: policy design, configuration profiles, attack surface reduction rules, allow/deny lists, rollback plans; schedule and execute changes through change controlDevelop and maintain detection content (analytics, rules, playbooks) and data pipelines/queries to improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)Propose, pilot, and implement new security capabilities tied to threat landscape and business risk, with clear success criteriaThreat Detection, Incident Response & Cyber Resilience:Lead investigations across Microsoft 365 security suite of tools and applications driving containment, eradication, and recoveryProduce concise technician and executive summaries; run Post-Incident Reviews (PIRs) and track actions to closureDesign and maintain incident response plans, continuity strategies, recovery protocols, and tabletop exercises; validate backup/restore and recovery objectives; feed lessons into process and configuration updatesProvide expert guidance during cybersecurity incidents; coordinate with IT Operations for hands-on actions; surge as needed for major incidents or critical deploymentsDeliver targeted training and awareness to strengthen resilience and improve control adoptionGovernance, Requirements & Third-Party Assurance (align, specify, control change):Align governance to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)Lead business analysis and requirements: define needs, benefits, and problem/opportunity statements; manage scope, estimates, and schedule; apply elicitation techniques; produce user stories, use cases, non-functional requirements (NFRs), integration and data-mapping specs; maintain end-to-end traceabilityEstablish process and change management: author runbooks/Standard Operating Procedures (SOPs), exception handling, and a security change flow with Responsible-Accountable-Consulted-Informed (RACI); support Quality Assurance (QA) test plans, defect triage, and readiness activitiesEmbed security and framework mapping in Request for Information (RFI) / Request for Proposal (RFP) requirements and vendor integrationsReporting, Metrics & Executive Communication: Build consolidated, tool-agnostic dashboards Daily Operations, Weekly Management, MonthlyReport unified metrics (MTTD, MTTR, false-positive rate, control compliance, baseline drift, with consistent definitions)Publish commentary on trends, exceptions, and decisions required; maintain metric definitions and data lineage so results are auditableWhat you need to be successful:Post secondary education in computer science, information security or related field (4 year degree preferred). 7 plus years of experience in IT security and risk disciplines7 plus years hands on operational experience designing, developing, and implementing comprehensive cyber-resilience strategies7 plus years of experience performing risk assessments and business impact analyses; identify vulnerabilities and dependencies7 plus hands on experience developing incident response plans, continuity strategies, and recovery protocols5 plus years of experience leading cross-functional initiatives to enhance preparedness against cyber threats and incidents5 plus years of experience with NIST CSF, CIS Controls/CIS Benchmarks, and mapping operational controls to governance frameworksAbility to collaborate with IT, security, and business units to align resilience with organizational objectivesAdvanced knowledge of Microsoft 365 / Microsoft Entra ID / Microsoft Intune / Microsoft Defender; SentinelOne; Sublime Security; Kusto Query Language (KQL); Microsoft PowerShell / Python (light automation); Microsoft Power BI reportingAbility to work independently and prioritizes tasks in a timely manner. Advanced facilitation and communication skills with the ability to negotiates and influences stakeholders. Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst), SC-300 (Microsoft Identity and Access Administrator), SC-400 (Microsoft Information Protection Administrator), or AZ-500 (Microsoft Azure Security Engineer Associate); International Institute of Business Analysis (IIBA) / Certified Business Analysis Professional (CBAP) or equivalent Business Analysis accreditation (assets)Information security certification/accreditation an assetThe perks:Employer paid extended health, vision, and dental coverage (including family)Employee and Family Assistance ProgramYearly health and wellness benefitRPP eligibility after one yearEmployee recognition programIn-house professional development opportunitiesWhy Broadstreet?Broadstreet Properties Ltd. is a family owned and operated property management company, partnered with Seymour Pacific Developments, that manage multi-family residential communities. We are a growing organization made up of diverse team members who are motivated to continuously innovate our approach to asset management. We consider employee wellbeing a priority and are dedicated to protecting the health and safety of our teams while ensuring a workplace that is respectful of everyone.Broadstreet Properties Ltd. practices equal opportunity hiring and onboarding processes to ensure equal access and participation for everyone. We understand that we have a responsibility for ensuring a safe, dignified, and welcoming environment and we are committed to creating an inclusive environment for all employees irrespective of race, colour, religion, sexual orientation, gender identity, or any other status protected by law. We believe in integrating people with disabilities into our workforce by removing barriers and meeting accessibility needs.Powered by JazzHROjw6VcGOEw