Senior Analyst - Cyber Threat Modeling and Risk

Join a Challenger Being a traditional bank just isn’t our thing, so we challenge ourselves to get creative in providing innovative banking solutions for Canadians. How do we get there? With a talented team of inquisitive and agile challengers that break through the status quo. So, if you’re passionate about redefining the future of banking—while having fun—this could be your next big opportunity. Our company continues to grow, and today we serve more than 800,000 customers across Canada through Equitable Bank, Canada's Challenger Bank™, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $142 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform (eqbank.ca) one of the top banks in Canada on the Forbes World's Best Banks list since 2021. The Work The Senior Analyst - Cyber Threat Modeling and Risk supports the Threat Modeling and Risk Assessment program by assisting with the identification, assessment, and tracking of cyber security risks across technology. The role works under the guidance of senior team members to help ensure appropriate security controls are identified early in the design lifecycle, enabling secure and resilient technology solutions while supporting business growth. What we offer [For full-time permanent roles] 💰 Competitive discretionary bonus ✨ Market leading RRSP match program 🩺  Medical, dental, vision, life, and disability benefits 📝  Employee Share Purchase Plan 👶🏽 Maternity/Parental top-up while you care for your little one 🏝 Generous vacation policy and personal days 🖥  Virtual events to connect with your fellow colleagues 🎓  Professional development and comprehensive Career Development program 💛  A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience The incumbent will be working hybrid and in office time will be spent working from Equitable Bank’s additional office space located at 2200-25 Ontario Street, Toronto, ON. Equitable Bank is deeply committed to inclusion. Our organization is stronger and our employees thrive when we honour and celebrate everyone’s diverse experiences and perspectives. In tandem with that commitment, we support and encourage our staff to grow not just in their career path, but personally as well. We commit to providing a barrier-free recruitment process and work environment for all applicants. Please let us know of any accommodations needed so that you can bring your best self to the application process and beyond. All candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying, an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position. We can’t wait to get to know you! The Core Responsibilities! Provide security advisory support to technology and business teams under supervision. Help conduct threat modeling and security assessments for applications and infrastructure. Review solution designs with senior analysts and SMEs to identify threats, attack paths, and risks. Document outputs like data flow and architecture diagrams, along with basic threat scenarios. Assist in tracking and addressing design flaws and security findings from threat modeling. Support onboarding of security services (e.g., MFA, logging, vulnerability scanning) guided by senior team members. Keep accurate records in risk tracking repositories. Aid continuous improvement of threat modeling processes, templates, and documentation. Build foundational knowledge of the organization’s enterprise security frameworks, policies, and standards. Review solution designs for risk and threat assessment. Record risks, threat scenarios, and control gaps in tracking tools. Track remediation actions and assist risk discussions with stakeholders. Build knowledge of cyber security controls and their technology applications. Let's Talk About You! A college diploma or university degree in Computer Science, Information Technology, Cyber Security, or a related discipline is required. 2–3 years of experience in information security, IT risk, or technology roles is preferred. Foundational understanding of threat modeling concepts or methodologies; practical experience is an asset. Basic understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10). Exposure to cloud and hybrid environments is an asset. Ability to support IT security risk assessments and document findings clearly. Familiarity with security diagrams and documentation such as data flow diagrams and architecture diagrams. Understanding of APIs, CI/CD pipelines, or secure software development practices is an asset. Strong communication, documentation, and collaboration skills. Interest in pursuing security certifications (e.g., Security+, CCSP, CISSP in future) is an asset.

{
  "content_hash": "6e2f8da0e1390453e7963340454e210f146529ab60428c6fcc1e08908ffed2c1",
  "source_hash": "5867a9032ed1acf0e1b4015cbb343e0daa7e4d562a148c6665065e89a8d6cf08",
  "last_changed_at": "2026-05-29T07:01:08.077Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Toronto",
    "city": "Toronto",
    "region": "ON",
    "country": "Canada",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T07:56:38.902Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Toronto",
      "city": "Toronto",
      "region": "ON",
      "country": "Canada",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "Canada"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": null,
  "workplace_type": "hybrid",
  "salary_currency": null
}

{}

{
  "lists": [
    {
      "text": "The Core Responsibilities!",
      "content": "<div>\n\n<li>Provide security advisory support to technology and business teams under supervision.</li>\n<li>Help conduct threat modeling and security assessments for applications and infrastructure.</li>\n<li>Review solution designs with senior analysts and SMEs to identify threats, attack paths, and risks.</li>\n<li>Document outputs like data flow and architecture diagrams, along with basic threat scenarios.</li>\n<li>Assist in tracking and addressing design flaws and security findings from threat modeling.</li>\n<li>Support onboarding of security services (e.g., MFA, logging, vulnerability scanning) guided by senior team members.</li>\n<li>Keep accurate records in risk tracking repositories.</li>\n<li>Aid continuous improvement of threat modeling processes, templates, and documentation.</li>\n<li>Build foundational knowledge of the organization’s enterprise security frameworks, policies, and standards.</li>\n<li>Review solution designs for risk and threat assessment.</li>\n<li>Record risks, threat scenarios, and control gaps in tracking tools.</li>\n<li>Track remediation actions and assist risk discussions with stakeholders.</li>\n<li>Build knowledge of cyber security controls and their technology applications.</li>\n\n</div>"
    },
    {
      "text": "Let's Talk About You!",
      "content": "<div>\n\n<li>A college diploma or university degree in Computer Science, Information Technology, Cyber Security, or a related discipline is required.</li>\n<li>2–3 years of experience in information security, IT risk, or technology roles is preferred.</li>\n<li>Foundational understanding of threat modeling concepts or methodologies; practical experience is an asset.</li>\n<li>Basic understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).</li>\n<li>Exposure to cloud and hybrid environments is an asset.</li>\n<li>Ability to support IT security risk assessments and document findings clearly.</li>\n<li>Familiarity with security diagrams and documentation such as data flow diagrams and architecture diagrams.</li>\n<li>Understanding of APIs, CI/CD pipelines, or secure software development practices is an asset.</li>\n<li>Strong communication, documentation, and collaboration skills.&nbsp;</li>\n<li>Interest in pursuing security certifications (e.g., Security+, CCSP, CISSP in future) is an asset.</li>\n\n</div>"
    }
  ],
  "country": "CA",
  "createdAt": 1777559157717,
  "updatedAt": null,
  "categories": {
    "team": "Information Security",
    "location": "Toronto",
    "commitment": "Full Time",
    "department": "Information Security",
    "allLocations": [
      "Toronto"
    ]
  },
  "salaryRange": null,
  "workplaceType": "hybrid"
}