Security Specialist

Apply now »

Date: May 18, 2023

Location: Ottawa/GTA, ON, CA, 1A1A1A

Company: Innovapost

Requisition Number: 2363 

Location: GTA/OTT  

Province: Ontario (CA-ON) 

Country: Canada (CA) 

Employment Type: Regular 



Who are we?

We are the technology arm of the Canada Post Group of Companies which includes Canada Post, Purolator, and SCI. Innovapost provides client-specific Information Technology (IT), Information Systems (IS), and business solution services exclusively within the Group and helps them deliver innovative solutions and value to Canadians. Our work transforms operations and modernizes business to meet the demands of the evolving mail, courier, and logistics industries. By joining us you will be able to make a positive impact on how every Canadian sends and receives their packages and mail. Next time you see your neighbour picking up their mail and receiving a package, you will be able to say, “you’re welcome!”



Why join us?

Continuous improvement; a focus on Diversity, Inclusion and Belonging; Environmental and Social Governance; and an investment in a hybrid workplace are just a few of the feathers in our cap. We were also awarded IT World Canada’s 2022 Digital Transformation Award for Large Public Sector organizations. As technology evolves, we believe in providing our high-performing workforce with the skills of tomorrow through continuous learning and career growth. Offering access to learning platforms like Degreed, LinkedIn Leaning, Microsoft Enterprise Skills – as well as a Leadership Developmental Program – Innovapost enables you to connect learning with skills and map your skills to open opportunities within the company.

What role will you play?

Reporting to the Solution Integration Architect (“SIA”), the Security Specialist is responsible for governing all security aspects in the IT solutions in SAP applications and/or in the middleware areas, ensuring compliance to security guidelines set by Innovapost Security COE, compliance to security auditing requirements, and following industrial best practices.

The security specialist is to work closely with other practice leads and the product teams to promote DevSecOps practices. The successful candidate will be driving implementation and adoption of security practices for the product lifecycle of the Business Solution Delivery (BSD) group from Architecture to Design, Test, Deployment and operations.

The security architect is connected to Security COE and is responsible to produce any security assessment or audit report required by Security COE.

What you'll be responsible for:

  • Understand the access model and brings security awareness to the product teams on applicable standards/policies; make recommendations for improvements to existing tools and solutions to keep up with the standards.
  • Responsible for oversight and governance for identity and access management (IAM), including role creation and modification, user creation and assignment with Central User Administration (CUA) and assignment of Structural Authorizations
  • Work with business and project teams to govern SAP/middleware access requests and related issues by following the standardized processes and procedures
  • Assist in resolving issues related to roles & authorization, and in implementing a testing strategy for credentials management, code quality, vulnerability assessment, secrets management, and other roles & authorization related development.
  • Provide support regarding safe code migrations (Transport) in all Cloud environments for SAP applications and/or middleware platform.
  • Performing risk assessments, threat modeling and security architecture reviews, and prepare and maintain security related documents as and when required.

What does it take for this role to be yours?

  • 7+ years progressive experience in the IT Security field.
  • In-depth knowledge of entitlements and access control the various protocols for tracking records such as LDAP
  • Strong SaaS/Application/Network security knowledge and experience. Extensive experience and knowledge in as many as possible of the following areas:
    • Application security, SAP and non-SAP applications
    • Middleware Management
    • Data Security
    • Identity and access management - Azure AD, Okta, OpenID, OAuth, SAML, 2FA
    • Cloud computing, Cloud Network Services and Software-defined networking (SDN)
    • Cyber Security and Cyber Investigation
  • Familiarity with Web technologies and standards – HTTP/S, JSON, REST, SOAP, XML, W3C Standards
  • Network layer technologies – FWs (Juniper, Checkpoint or similar), EDR fundamentals, VPN technologies, DNS
  • SCA and SAST tools – OWASP Dependency-Check, OWASP Dependency-Track, Snyk, Veracode, SonarQube or similar
  • Experience in Disaster Recovery
  • Experience in Test and Evaluation
  • Experience in Risk Management
  • Strong written and verbal communication skills.
  • Strong analytical and problem-solving skills.

Additional skills that set you apart:

  • Experience in designing and configuring SAP security solutions such as GRC Access Control, Identity Access Governance, GRC Process Control, SAP Enterprise Threat Detection and Onapsis
  • Ability to foresee IT risks and implications on SAP ERP programs, with the ability to identify weaknesses and recommend solutions to senior stakeholders
  • Expertise in threat modeling frameworks
  • OWASP Top 10, STRIDE, MITRE ATT&CK framework or similar
  • NIST SP 800-53 Risk Management Framework
  • Security GRC – MetricStream or similar
  • Leadership skills, experience working with various stakeholders
  • Experience using Jira for Agile software development, and deliver methodology  

Education and certification:

  • Academic: University degree in engineering, computer science, business, or equivalent (Required)
  • Certifications: CISSP, CISA, or CISM

What do we value?

At Innovapost, we believe in being:

  • Courageous – doing the right thing
  • INNOvative – leading with a visionary mindset
  • Inclusive – listening without judgement and challenging biases
  • Inspirational – having a positive attitude, interest, and accountability
  • Curious – being inquisitive to learn continuously

We also believe in thinking and acting as one team, having mutual respect, having an inherent bias for action, continuously improving and INNOvating, and trusting others to play their roles.


Diversity, Inclusion & Belonging at Innovapost

We value diversity as an essential part of who we are as a company, how we operate and how we see our future. We believe that attracting, developing, and retaining people who reflect the diversity of Canada is essential to our success. We encourage applications from women, Indigenous people, persons with disabilities and visible minorities.



Innovapost is committed to providing an inclusive and barrier-free work environment, starting with the hiring process. If you are contacted by Innovapost regarding a job opportunity, please advise if you have any restrictions that need to be accommodated. All information received in relation to accommodation will be kept confidential.

The work we do at Innovapost impacts every Canadian. To work with us, you must be eligible to obtain a Canada Post Reliability Security Clearance.

Good luck! We look forward to hearing from you!