Information Security Specialist Jobs

Job Title: Information Security Specialist

Description:

We have a permanent, full-time opportunity for an Information Security Specialist in the Innovation and Technology Group. The successful candidate will be a security advocate with IT teams, business stakeholders and end users to design, integrate, and advance Information Security in alignment with the organization’s business objectives while meeting its compliance, legal and regulatory requirements.

Reporting to the Manager, Technology Services (Cyber Security), the Information Security Specialist will be responsible for security operations and administration and providing IT security support and guidance to ensure that the organization’s technical infrastructure and applications meet and/or exceed the defined security policies.

Responsibilities:

• Monitor and analyze technical security controls to detect, report and remediate security incidents
• Provide technical risk assessment, security support and guidance for IT projects/solutions/requests to ensure security controls are reasonably deployed to mitigate risks
• Serve as internal technical point of contact with external managed security monitoring service in incident handling response for information security incidents
• Provide technical support and system administration on various security technology such as security information event monitoring (SIEM), vulnerability management, privilege access management, data protection platforms and multi-factor authentication
• Manage, conduct and optimize vulnerability scans on IT infrastructure and systems
• Collect, generate, monitor and analyze IT operations security metrics to measure the effectiveness of the IT security management processes
• Assist in regularly assessing the strength of the organization’s IT security governance and current processes, procedures and technical controls against NIST 800-53, PCI-DSS and industry best practices, and propose, develop and implement projects and initiatives to remediate control gaps to reduce overall enterprise risk
• Assist and participate in security technical planning, assessment and implementation
• Assess and provide data with recommendations and see to completion for monthly patching to mitigate/remediate organizational risk
• Providing on-call support on a scheduled basis to ensure that any high severity security incidents are resolved in the most expedited manner
• Manage, measure, and audit the Managed Security Services vendor to established contractual and compliance requirements for security monitoring
• Participate in change advisory board to review and evaluate planned technology changes in terms of information security risks
• Research and track information about current security threats, potential vulnerabilities from trusted news sources/external feeds to develop communication plans and/or programs to raise awareness and assess overall enterprise risk exposure as well initiate remediation/mitigation

Experience:

• Knowledge of security, privacy and IT governance frameworks and legislation, such as NIST 800-53, ISO27001, PCI-DSS, privacy legislation.
• BSc in Computer Science or similar bachelor’s degree in a related field with a minimum of 5+ years equivalent of Information Security work experience; or an equivalent combination of training and experience
• 5+ years’ experience with security related appliances such as firewalls, SIEM, IPS, PAM, 2FA, proxy servers with a broad technical knowledge of enterprise-class network and operating system platforms
• Strong leadership and organizational skills, proven by on-time, on-budget delivery of complex, multidisciplinary projects
• Professional Information Security certifications such as Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC) are an asset and preferred