Information Security Manager (Permanent Position)
Number of Positions: 1 Filled: 0 Duration: -
Location: Scarborough, ON, CA
Must be eligible to work in Canada
Hybrid role for the time being
Responsibilities
Lead the information security team
Define and deliver an enterprise information security strategy, roadmap, and best practices in support of the enterprise’s information security architecture.
Implement a security framework to manage technological risk, including TRA/PIA assessments during the project delivery cycle
Ensure ongoing compliance with TCM and regulatory, security and risk requirements
Create and maintain technology standards for the organization
Actively mature security architecture capability
Develop and maintain controls on data quality, interoperability, and sources to effectively manage corporate risk
Develop and maintain the information security posture (policy, architecture, governance) to protect enterprise information assets.
Collaborates with key business and IT leaders to develop security and business continuance standards and action plans.
Directs all security audits and tasks to ensure that the integrity, confidentiality, and availability of information to end-users are not compromised.
Ensures that IT complies with existing laws and regulations and that the enterprise’s IT environment is secure.
Maintains reliable, up-to-date information from the government and across the industry regarding identification of new threats and vulnerabilities
Design, review and manage the ongoing assessment of firewall, intrusion detection/intrusion prevention, SIEM, VPN, SSL, vulnerability assessment, application control, antivirus, and other network component policies.
Lead the design and implementation of security platforms and their associated software, such as routers, switches, firewalls, WAF, anti-virus, cryptography systems, SIEM, Anti-SPAM and MDM
Oversee third-party security and compliance audits and any resulting remediation actions
Works with IS management team and 3rd party PaaS, SaaS and IaaS vendors
Qualification
University Degree in Computer Science, Information Systems, Business Administration or related disciplines.
Overall 20 years of IT and business/industry work experience
Minimum of 8 years in the information security space with exposure to information security consulting working on projects
3 years of leadership experience in managing the information security function (matrix or direct reporting structure)
CISSP certification is mandatory
Experience with security incident response is mandatory
Strong background in security architecture and operations is mandatory
Experience in developing security strategies, ideally in a retail, wholesale, automotive or manufacturing setting
Proven experience in securing on-premises and cloud solutions (IaaS/PaaS/SaaS)
Experience with common information security management frameworks, such as ISO 2700x, COBIT, or NIST
Understanding of information security concepts, standards, and practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, log management, and event monitoring/reporting (on-prem and cloud)
Ability to analyze, understand and effectively communicate technical design and implementation
Budgeting, planning, forecasting skills
Prior exposure to vendor management, project management and stakeholder management.
Excellent communication and interpersonal skills
Strong management and team-building skills
Problem-solving, negotiation and decision-making skills to influence management, as well as internal and external partners