Employment Status
Regular
Time Type
Full time
BUILDING A WORLD CLASS TEAM STARTS WITH YOU
At the heart of CSA Group is a vision: making the world a better, safer, more sustainable place. It's been part of our mission for nearly one hundred years: from the first engineering standard for railway bridges developed in 1919, to more than 3,500 standards, codes & related products today.
Headquartered in Canada, with a global footprint of more than 30 labs and offices across Europe, Asia and North America, CSA Group tests, inspects and certifies a wide range of products - from everyday household items to leading-edge technology - to meet exacting requirements for safety, performance and environmental impact.
Our employees take pride in making a difference in people's lives through the work that we do. We're looking for people like you to help make it happen.
Job Summary
The Senior IT Manager, Cybersecurity is responsible for leading the cybersecurity team at CSA Group by maintaining the availability, integrity and security of all CSA systems, electronic documents, and intellectual property. This role will provide input into and deliver the IT security strategy and roadmap while ensuring that the company’s information assets are adequately protected from security threats and cyber-hacking. The Senior IT Manager will also develop and deliver the cybersecurity awareness and education strategy to provide all staff and contractors with information and responsibilities on how to better protect CSA Group.
This role interfaces with business unit leaders to implement security controls to ensure appropriate separation of duties and successful audit as well as establish maintenance metrics, key performance indicators and service level agreements for driving performance. This role will also collaborate with IT peers and development teams to ensure internally developed applications include security by design. This role will also help lead the Disaster Recovery overall plan development and maintenance.
Responsibilities
- Manage a team of Security Analysts and the Managed Security Services Provider who review, assess, and triage security events and guide the management of events escalating into incidents.
- Ensures that CSA Group’s core systems align to security industry standards through the development and execution of formal test plans and procedures.
- Oversee employees and vendors who safeguard the company’s assets, intellectual property, and computer systems.
- Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Identify and contain emerging threats before they can have a negative impact on business operations, and advise relevant stakeholders on appropriate courses of action.
- Manage the day-to-day activities of our Incident Response and oversee process and playbook development, ensuring the consistent, efficient, accurate, and timely resolution of escalated events and of mitigations necessitated by threat intelligence, and develop a cybersecurity incident recovery plan.
- Develop, implement, and administer security policies and procedures to protect CSA Group’s on-premise and cloud networks, infrastructure, systems and public-facing applications from threats and vulnerabilities.
- Provide general knowledge and recommendations for security best practices aligned with industry standards.
- Ensure threat and vulnerability resources and technology proactively monitor potential threats and vulnerabilities 24/7, and that protection controls are implemented in a timely and appropriate manner to safeguard and maintain business operations.
- Act as the subject matter expert to identify security risks and then make recommendations for security best practices aligned with industry standards.
- Collaborate with IT peers and development teams to ensure internally developed applications include security by design.
- Identify and assess risks in implementing business innovations. Provide assessment of those risks to business stakeholders.
- Design and execute penetration tests and security audits and develop remediation plans to address any identified gaps and risks.
- Understands end-to-end informational and data processes and flows, and works to protect the security, availability, integrity, confidentiality, and privacy of the data.
- Leverages external technology providers to ensure CSA can effectively maintain visibility to technology advancements.
- Participates in external user groups, conferences, and security councils to ensure that current and future industry standards are understood and assessed for impact to CSA.
- Leads team for IT Systems and Services Disaster Recovery planning, testing and execution of recovery scenarios, ensuring appropriate detailed documentation of recovery procedures and understanding of individual responsibilities.
- Define metrics and reporting strategies that effectively communicate successes and progress of the security program in partnership with the Director/VP as well as IT and business stakeholders.
- Develop and track key performance and risk indicators (KPI/KRI) to track overall security performance.
- Defines service levels and service agreements for CSA Group’s core Systems.
Education And Experience
- Bachelor’s or Master’s Degree in Computer Science, Information Security, or other related field. Or equivalent work experience.
- Minimum 7 to 10 years of IT security work experience, with at least 5 years of leadership experience in managing a security operations team and leading an enterprise-wide cybersecurity program, preferably aligned to NIST framework.
- CISSP certification required with other industry related certifications preferred such as CCSK, CISM.
- Experience in security-related areas such as security operations, cyber incident management, security architecture, penetration testing, IT forensics, and delivering education and awareness.
- Experience in IT system support and administration, help desk operations, software quality assurance, change management and technology adoption.
- Experience with and knowledge of security, risk, and control frameworks such as NIST, COBIT, ISO 27001, and CIS.
Skills
- Understanding of Cloud, SaaS, CASB, Mobility, Network, Server Infrastructure, SD-WAN, Application framework and their implications on information security strategy.
- Ability to provide strategic direction, develop and mentor people to achieve results and manage external vendors.
- Strong leadership skills
- Advanced analytical thinking and problem-solving skills
- Able to work cross-functionally and think both critically and strategically
- Excellent written and oral communication skills
CSA Group is an Equal Opportunity Employer and is committed to diversity, equity, and inclusion. We prohibit discrimination and harassment of any kind based on any grounds stipulated by applicable laws. We are an organization where opportunities are based on skills and abilities, and differences are respected and valued. Please contact us at human.resources@csagroup.org if you require accommodation in the interview process.