Cybersecurity Advisor II

##
** Company:
** Finning International Inc.##
** Number of Openings:
** 1##
** Worker Type:
** Permanent##
*
* Position Overview:

** The Cybersecurity Advisor II supports Finning’s global information security program by providing cybersecurity advisory services across technology, business, and risk initiatives. This role works collaboratively with technology teams, product owners, and business stakeholders to identify security risks, assess control effectiveness, and support alignment with Finning’s security policies, standards, and regulatory requirements.
The Advisor II contributes to security assessments, reviews, and advisory activities within a defined scope, applying established security frameworks and guidance. This role emphasizes practical, risk-based security support and clear communication, helping teams understand and address security requirements while protecting Finning’s information assets.
What we can offer you:  
· Great people and place to work with a hybrid work opportunity  
· Career advancement and training opportunities  
· Pension and employee stock purchase plans with company contributions  
· Extensive health benefits including group medical and dental benefits, and short-term and long-term disability benefits  
· For this position, the expected salary range is between $85,000 and $105,000 annually. This range reflects our commitment to providing competitive compensation that aligns with industry standards and your qualifications.##
*
* Job Description:

**** Major

Job Functions:

**### Cybersecurity Advisory & Risk Support
* Support cybersecurity risk assessments for applications, infrastructure, and business initiatives.
* Participate in solution and design reviews by providing security input aligned with Finning security standards.
* Identify control gaps and document risk observations with recommended remediation options.
* Assist with threat modeling and security review activities using established templates and processes.### Governance, Risk & Compliance
* Support compliance activities aligned to frameworks such as ISO 27001, NIST, and internal Finning security standards.
* Assist with evidence collection and control validation activities for audits and assessments.
* Contribute to the maintenance of security policies, standards, and guidance documentation.
* Track assigned risks and remediation actions in accordance with defined governance processes.### Stakeholder Engagement & Enablement
* Engage with technology and business teams as a security advisor on assigned initiatives.
* Help translate security requirements into clear, actionable guidance for stakeholders.
* Participate in project and working sessions to support the integration of security considerations.
* Support awareness and enablement activities related to secure practices and risk management.### Continuous Improvement
* Contribute ideas to improve advisory processes, assessment approaches, and documentation.
* Stay informed on emerging security risks and industry practices relevant to the role.
* Support the ongoing maturity of Finning’s cybersecurity advisory and GRC capabilities.
** Mandatory (Must-Have)

Skills:

*** 4–6 years of experience in cybersecurity, information security, IT risk, or related IT roles.
* Experience supporting security risk assessments, control reviews, or compliance activities.
* Working knowledge of common security frameworks (e.g., ISO 27001, NIST, CIS).
* General understanding of enterprise technologies (applications, cloud, identity, infrastructure).
* Ability to document risks, controls, and recommendations clearly using defined templates.
* Experience collaborating with cross-functional technology and business teams.
* Post-secondary education in Information Security, IT, Computer Science, or equivalent experience.
** Preferred (Nice-to-Have)

Skills:

*** Exposure to cybersecurity advisory, GRC, or audit-support functions.
* Familiarity with cloud and SaaS security concepts.
* Exposure to application security, identity and access management, or data protection domains.
* Experience supporting internal or external audit activities
* Entry- to mid-level security certifications (e.g., CISSP, CISM, CRISC, ISO…