Play a lead role in delivering security strategy, process, and management, guiding the implementation of information security measures to ensure the preservation of the confidentiality, privacy, integrity and availability of information assets and systems. Support the design and development of IT security architecture and processes in support of internal and external (e-business) objectives.
• Ensures that security concepts and practices are a priority and are contemplated in the design/build phase of projects.
• Assesses information systems security risks to the organization.
• Develops and completes reports for management.
• Provides consultative interface to IT and Business.
• Develops comprehensive information technology security standards, policies and procedures for applications, networks, systems, data and e-business infrastructure.
• Manages the information technology policy exception process.
• Contributes to information technology security awareness programs; communicates security standards and associated responsibilities; monitors security points for system integrity and evaluates effectiveness of security programs.
• Evaluates and makes recommendations on information technology security hardware/software; participates in security testing reviews for new or modified systems and post-implementation reviews to assess compliance of security processes with established standards.
• Monitors and recommends security patches; advises on security issues, documents, and security environment.
• Collaborates with others to implement security systems, practices and processes (i.e. infrastructure, disaster recovery).
• Conducts security threat and risk assessments of IT facilities, application systems and communications; conducts and manages Vulnerability Assessments.
• Reviews and manages Intrusion Detection/Intrusion Prevention systems, operating system hardening processes, application security reviews, on-site assessment processes, attack and penetration testing.
• Investigates security incidents, reporting causes and related weaknesses, and recommends remedies.
• Provides advice on the security aspects of application systems under development.
• Develops and delivers IT Security awareness and training programs.
• Assists with IT and Security projects, providing leadership, guidance, and technical resource.
• Other duties as required.
Suitable candidates will have exceptional leadership skills, strong written and oral communication skills, and the ability to work in a complex, fast-paced environment.
The ideal candidate will have 2-5 years of work experience in information security analysis and design, and integration into applications, systems and networks.
Completion of a university degree in Computer Science or Computer Engineering, or equivalent experience. Possesses, or is working towards, CISSP, GIAC and/or CISA certification.
The candidate must have knowledge of personnel, technical, physical, and procedural threats and vulnerabilities; IT Security products, safeguards and best practices; IT Security risk mitigation strategies, threats to, and vulnerabilities of, operating systems such as MS, and wireless architectures; IT Security architecture, and experience conducting Threat and Risk Assessments.