IT Security Manager (ID#3588)
We are seeking an IT Security Manager to help our client provide IT/IM security services and designs, implement, enforce and maintain policies and procedures to protect their computing infrastructure (Networks, Systems, Storage) and Software (both in-house developed and vendor supported) along with other IT assets (both on premises and in cloud) from all forms of security threats and risks. This protection is conducted by monitoring and detecting actual and potential vulnerabilities and neutralizing the impact of such by employing appropriate counter measures. This position is also responsible for investigating security related incidents, regular access privileges reviews and provisioning, taking appropriate steps to resolve the issues, documenting the process and providing recommendations to block similar incidents in future.
IT Security Management
- Identifies vulnerabilities in current infrastructure and software. Leads the planning, development, and implementation of security frameworks and plans to improve incident prevention, detection and response.
- Leads the development and implementation of information security technologies, policies, procedures, standards and training, in alignment with OCIO IT/IM standards, and to minimize privacy and security risks to assets.
- Leads the development, implementation and maintenance of information security policies and procedures. Documents security standards and policies.
- Reviews security of existing and proposed systems, considering new IT security approaches, and recommends necessary enhancements and solutions.
- Leads the negotiation and management of information technology contracts.
- Evaluates requests for security systems changes and enhancements; determines business feasibility, cost-effectiveness, resource requirements and impact on current and future systems; and recommends appropriate action.
- Monitors network usage to ensure compliance with security policies, conducts reviews of the programs and systems to identify non-compliance with policies and correct deficiencies; and conducts security checks for measurement and reporting.
- Keeps up to date with developments in IT security standards and threats, performs regular scan and penetration tests to find any flaws and implement countermeasures.
Security Incident Prevention and Investigations
- Investigates all security breaches to determine the source, method and damage that occurred. Reviews security event reports, access logs, and determines if further investigation is required. Leads full review and reporting and elevates to applicable authority as necessary. Determines specific security needs of an investigation and requirements to grant or withhold access to data; ensures that data is properly preserved for presentation in court. Scope of investigation will include employees’ access to any PII or non PII data.
- Implements corrective measures to prevent recurrence of breaches; reviews and updates measures on an ongoing basis to ensure currency with new and emerging threats, and continuous improvement processes.
- Provides management and direction to professional staff and project teams, including recruitment, training, coaching staff, performance management, providing constructive feedback and development opportunities, leave and expense approvals, and labor relations issues such as discipline, termination, and responding to staff grievances.
- Provides management and direction to contractors including recruitment, training, providing constructive feedback, and monitoring performance.
- Educates colleagues about security software and best practices for information security and provide security awareness training for team and all levels of staff.
- Participates in the planning, management, and allocation of the Operational and Security related budget.
Education and Experience:
- Bachelor’s Degree in Computer Science or a related field of study and 8+ years of experience performing IT Security related work; 5 years of which will include hands-on experience in security tools used to perform analysis, design, and implementation of IT security policies to protect all software and hardware assets.
- 2+ years of experience in a leadership role.
- Preference may be given to candidates with security related certifications or designation, and/or candidates with IT Security and leadership experience in the public sector.
- Proficiency with Microsoft Visio, Project, Excel, SharePoint, confluence, cyber security tools, penetration testing and other tools to allow communications and capturing of data in a variety of formats.
Knowledge, Skills and Abilities:
- Solid knowledge of security appliances (e.g., firewalls, routers, etc.) and threat and risk assessment processes; knowledge of current risks and threats; and knowledge of identity access management.
- Advanced knowledge of network/internet security protocols and technologies such as TLS, PKI, DNSSEC, SPF, DKIM, LDAPS, SMTPS.
- Advanced understanding of general networking security components such as firewalls, VLANS, ACL’s, NPS, VPN, network segmentation.
- Sound knowledge and awareness of federal and provincial regulatory requirements
- Sound knowledge of the systems development life cycle and communication protocols as they relate to secure delivery of application.
- Sound knowledge of and skills in using PowerShell and other scripting languages.
Proven ability to:
- Work with security best practices, security monitoring and detection tools while conducting scans to identify the existing and potential threats and vulnerabilities, developing technology plans and roadmaps to prioritize and implement counter measures.
- Lead security related projects as well as identify and evaluate risks from a business and technological standpoint. Manage or improve data security in systems such as SQL, Oracle, CIFS, Backups, Disaster Recovery processes
- Work with multiple types of authentication technologies and MFA such as Active Directory, RADIUS, WS-Federation, SAML, JWT, certificates, smart cards.
- Adapt IT system administration processes and access to align with the Principle of Least Privilege (PoLP) and Separation of Duties. Audit access privileges for staff and compliance to security standards and policies.
- Implement and manage system auditing products, and conduct forensic analysis to identify information relevant to a security incident. Work with technologies used to monitor for security vulnerabilities, and/or conduct network penetration tests.
- Define organizational security policies that align with business requirements and regulatory obligations.
- Develop and implement operational procedural changes to optimize security in government and/or commercial environments, Develop/execute data breach or cyber extortion containment and rectification plans.
- Create and maintain documentation suitable for both technical and non-technical audiences.
- Work with on-premise / cloud hybrid interconnected systems and associated security considerations.
- Strong leadership skills with the ability to manage, coach, motivate, and inspire professional staff, contractors, and project teams.
- Excellent skills in establishing and maintaining effective and collaborative working relationships with people at every level of the organization and key stakeholders both internal and external.
- Sound judgement skills with the ability to maintain confidentiality and exercise extreme discretion.
- Excellent interpersonal and communication skills, both verbally and in writing, with sound ability to communicate complex ideas to multiple stakeholders.
- Strong organizational skills and the ability to handle pressure and work in a dynamic work environment, adapting to changing priorities and deadlines, emerging issues, and competing demands.
- Exceptional critical thinking, analytical thinking, and decision-making skills with the ability to analyze complex situations, understand the organizational impact, and make sound judgement.
If you have this expertise, and are able to work in Canada, please submit your resume. While we thank all candidates in advance for their application, only those candidates who are shortlisted will be contacted.