We are seeking a security professional for the role of Senior Information Security Specialist who can apply their security knowledge to provide holistic cybersecurity advisory services to the enterprise. In collaboration with our IT team and business partners you will be a part of the technology team responsible for ensuring the safety and resiliency of digital operations.
The ideal candidate will define, develop, and implement technology controls and information security policies, programs, and tools. The Senior Information Security Specialist will be comfortable operating in an ambiguous environment and capable on seeking consensus and applying and communicating clear, concise and logical judgement to all levels of the organization.
Your contributions to the team:
Strategy and Leadership:
Design and lead cyber-resilience strategies.
Improve organizational preparedness through conducting risk assessments, business impact analyses, and align resilience goals to business objectives.
Develop and maintain an incident response plans, continuity strategies, and recovery protocols
Provide expert guidance during security related incidents.
Deliver and serve as a subject matter expert on organizational training initiatives related to IT security.
Propose, pilot, and implement new security controls based on threat landscape and business risk.
Act as a lead expert resource in technology controls / information security for project teams, the business, and vendors.
Apply advanced knowledge of the organization, technology controls, security, and risk management.
Define and prioritize changes to security tools and platforms; work with IT Operations analysts to implement them; validate effectiveness, track health, and manage integrations across the environment.
Security Engineering & Zero-Trust Operations:
In partnership with Information Technology (IT) Operations analysts (subject matter experts), lead the operation of security tools and platforms by defining configuration intent, tuning backlogs, health standards, upgrade plans, and integrations
Implement Zero-Trust controls: device compliance, least privilege, and network/application segmentation across Microsoft 365 security suite of tools and applications
Maintain Center for Internet Security (CIS)-aligned baselines and track configuration drift
Engineer and evolve controls: policy design, configuration profiles, attack surface reduction rules, allow/deny lists, rollback plans; schedule and execute changes through change control.
Develop and maintain detection content (analytics, rules, playbooks) and data pipelines/queries to improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
Propose, pilot, and implement new security capabilities tied to threat landscape and business risk, with clear success criteria.
Threat Detection, Incident Response & Cyber Resilience:
Lead investigations across Microsoft 365 security suite of tools and applications driving containment, eradication, and recovery.
Produce concise technician and executive summaries; run Post-Incident Reviews (PIRs) and track actions to closure.
Design and maintain incident response plans, continuity strategies, recovery protocols, and tabletop exercises; validate backup/restore and recovery objectives; feed lessons into process and configuration updates.
Provide expert guidance during cybersecurity incidents; coordinate with IT Operations for hands-on actions; surge as needed for major incidents or critical deployments.
Deliver targeted training and awareness to strengthen resilience and improve control adoption.
Governance, Requirements & Third-Party Assurance (align, specify, control change):
Align governance to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
Lead business analysis and requirements: define needs, benefits, and problem/opportunity statements; manage scope, estimates, and schedule; apply elicitation techniques; produce user stories, use cases, non-functional requirements (NFRs), integration and data-mapping specs; maintain end-to-end traceability.
Establish process and change management: author runbooks/Standard Operating Procedures (SOPs), exception handling, and a security change flow with Responsible-Accountable-Consulted-Informed (RACI); support Quality Assurance (QA) test plans, defect triage, and readiness activities.
Embed security and framework mapping in Request for Information (RFI) / Request for Proposal (RFP) requirements and vendor integrations
Reporting, Metrics & Executive Communication:
Build consolidated, tool-agnostic dashboards Daily Operations, Weekly Management, Monthly
Report unified metrics (MTTD, MTTR, false-positive rate, control compliance, baseline drift, with consistent definitions).
Publish commentary on trends, exceptions, and decisions required; maintain metric definitions and data lineage so results are auditable.
What you need to be successful:
Post secondary education in computer science, information security or related field (4 year degree preferred).
7 plus years of experience in IT security and risk disciplines.
7 plus years hands on operational experience designing, developing, and implementing comprehensive cyber-resilience strategies.
7 plus years of experience performing risk assessments and business impact analyses; identify vulnerabilities and dependencies.
7 plus hands on experience developing incident response plans, continuity strategies, and recovery protocols
5 plus years of experience leading cross-functional initiatives to enhance preparedness against cyber threats and incidents.
5 plus years of experience with NIST CSF, CIS Controls/CIS Benchmarks, and mapping operational controls to governance frameworks.
Ability to collaborate with IT, security, and business units to align resilience with organizational objectives.
Advanced knowledge of Microsoft 365 / Microsoft Entra ID / Microsoft Intune / Microsoft Defender; SentinelOne; Sublime Security; Kusto Query Language (KQL); Microsoft PowerShell / Python (light automation); Microsoft Power BI reporting.
Ability to work independently and prioritizes tasks in a timely manner.
Advanced facilitation and communication skills with the ability to negotiates and influences stakeholders.
Microsoft certifications such as SC-200 (Microsoft Security Operations Analyst), SC-300 (Microsoft Identity and Access Administrator), SC-400 (Microsoft Information Protection Administrator), or AZ-500 (Microsoft Azure Security Engineer Associate); International Institute of Business Analysis (IIBA) / Certified Business Analysis Professional (CBAP) or equivalent Business Analysis accreditation (assets).
Information security certification/accreditation an asset.
The perks:
Employer paid extended health, vision, and dental coverage (including family)
Employee and Family Assistance Program
Yearly health and wellness benefit
RPP eligibility after one year
Employee recognition program
In-house professional development opportunities
Why Broadstreet?
Broadstreet Properties Ltd. is a family owned and operated property management company, partnered with Seymour Pacific Developments, that manage multi-family residential communities. We are a growing organization made up of diverse team members who are motivated to continuously innovate our approach to asset management. We consider employee wellbeing a priority and are dedicated to protecting the health and safety of our teams while ensuring a workplace that is respectful of everyone.
Broadstreet Properties Ltd. practices equal opportunity hiring and onboarding processes to ensure equal access and participation for everyone. We understand that we have a responsibility for ensuring a safe, dignified, and welcoming environment and we are committed to creating an inclusive environment for all employees irrespective of race, colour, religion, sexual orientation, gender identity, or any other status protected by law. We believe in integrating people with disabilities into our workforce by removing barriers and meeting accessibility needs.
