Cybersecurity Advisor II

Major Job Functions:

• Support cybersecurity risk assessments for applications, infrastructure, and business initiatives.
• Participate in solution and design reviews by providing security input aligned with Finning security standards.
• Identify control gaps and document risk observations with recommended remediation options.
• Assist with threat modeling and security review activities using established templates and processes.

• Support compliance activities aligned to frameworks such as ISO 27001, NIST, and internal Finning security standards.
• Assist with evidence collection and control validation activities for audits and assessments.
• Contribute to the maintenance of security policies, standards, and guidance documentation.
• Track assigned risks and remediation actions in accordance with defined governance processes.

• Engage with technology and business teams as a security advisor on assigned initiatives.
• Help translate security requirements into clear, actionable guidance for stakeholders.
• Participate in project and working sessions to support the integration of security considerations.
• Support awareness and enablement activities related to secure practices and risk management.

• Contribute ideas to improve advisory processes, assessment approaches, and documentation.
• Stay informed on emerging security risks and industry practices relevant to the role.
• Support the ongoing maturity of Finning's cybersecurity advisory and GRC capabilities.

Mandatory (Must-Have) Skills:

• 4–6 years of experience in cybersecurity, information security, IT risk, or related IT roles.
• Experience supporting security risk assessments, control reviews, or compliance activities.
• Working knowledge of common security frameworks (e.g., ISO 27001, NIST, CIS).
• General understanding of enterprise technologies (applications, cloud, identity, infrastructure).
• Ability to document risks, controls, and recommendations clearly using defined templates.
• Experience collaborating with cross-functional technology and business teams.
• Post-secondary education in Information Security, IT, Computer Science, or equivalent experience.

Preferred (Nice-to-Have) Skills:

• Exposure to cybersecurity advisory, GRC, or audit-support functions.
• Familiarity with cloud and SaaS security concepts.
• Exposure to application security, identity and access management, or data protection domains.
• Experience supporting internal or external audit activities
• Entry- to mid-level security certifications (e.g., CISSP, CISM, CRISC, ISO

Soft Skills

• Clear written and verbal communication skills.
• Ability to explain security concepts to both technical and non-technical audiences.
• Strong attention to detail and analytical thinking.
• Practical, risk-based problem-solving approach.
• Ability to manage assigned work independently within defined priorities.
• Collaborative and professional stakeholder engagement style.
• Willingness to learn and grow within the cybersecurity discipline.

At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and/or mental or physical disabilities. Furthermore, Finning is committed to collaborating with and providing reasonable accommodations /adjustments to individuals with disabilities. If you require an adjustment/accommodation at any point during the recruitment process, please inform your recruiter.