Information Security Advisor
Reporting directly to the Director, Information Security, the Information Security Consultant will contribute to the development of the short- and long-term Information Security Plan. This includes working independently and operating at a high level of autonomy within the larger Information Technology team, engaging with stakeholders at all levels within the organization and contributing to the continuous improvement of information security through research, analysis and implementation of information security activities.
- Responsible for producing security artefacts to drive strategy in the security domain.
- Contribute to security system design and architecture frameworks including technology strategy, security policy and governing standards.
- Management of security testing through bi-annual Penetration Testing & remediation.
- Conduct project/program risk assessments and engage in active governance board membership (ARB).
- Conduct monthly security meetings with Technology Infrastructure & Operations and User Engagement teams.
- Act as the primary point of contact to coordinate, participate in and monitor Internal Audit, Privacy, and ERM compliance programs/assessments as they relate to IT.
- Ensure the company’s ongoing compliance with Security Policy.
- Develop and maintain a regular reporting system on KPIs and create improvement plans based on metrics and measurements.
- Demonstrate expertise in the domain, acting as a Subject Matter Expert with knowledge across multiple security domains.
- Develop and implement security infrastructure solutions in accordance with the company’s needs.
- Participate in the on-call group for technology support, specifically as it relates to approvals, security-related incidents or disaster recovery procedures.
- Analyse and develop detailed incident response plans/playbooks, including root cause analysis and analysing results for formal reporting.
- Lead investigations into security incidents to conclusion, coordinating efforts across the Technology Infrastructure & Operations teams to ensure the correct level of participation and interaction.
- Research various components of a security infrastructure including software & hardware, by matching architectural and business requirements, evaluating impact, recommending the best solution, developing a work or project plan, and implementing necessary solutions.
- Minimum of five years of direct Information Security experience
- Experience in IT security and privacy within banking and financial sectors would be an asset
- Technical designations are an asset: CISSP, CISA, CISM, GIAC
- Demonstrated knowledge and use of standards and legislation (e.g. ISO 27001, PIPEDA, CSAE 3416, COBIT)
- Detailed understanding of Application, Data, Infrastructure and Mobile Security
- Excellent organizational skills and attention to detail.
- Experience in writing policy documents and process development.
- Exceptional integrity as demonstrated by previous positions of trust and authority.
- College diploma, university degree or equivalent in a related field is desirable.
- Ability to execute and deliver independently
- Strong verbal and written communication with the ability to distill complex problems down to easy-to-understand, consumable pieces of information