IT Security Manager

Rate TBD

Location Vancouver, BC Canada (On-site)

Type of project Business consulting & Finance, Technology Information Security, Management processes

Duration contract ongoing

Education required College/University

Years of experience more than 5

Type of employment N/A

Area of Specialization Computer Sciences

Languages required N/A

Workhoppers Home Vancouver BC

Description

Job Description

Our national IT consulting company, is seeking an
IT Security Manager to help our client provide IT/IM security services
and designs, implement, enforce and maintain policies and procedures
to protect their computing infrastructure (Networks, Systems, Storage)
and Software (both in-house developed and vendor supported) along with
other IT assets (both on premises and in cloud) from all forms of
security threats and risks. This protection is conducted by monitoring
and detecting actual and potential vulnerabilities and neutralizing
the impact of such by employing appropriate counter measures. This
position is also responsible for investigating security related
incidents, regular access privileges reviews and provisioning, taking
appropriate steps to resolve the issues, documenting the process and
providing recommendations to block similar incidents in future.

Responsibilities:

IT Security Management

* Identifies vulnerabilities in current infrastructure and software.
Leads the planning, development, and implementation of security
frameworks and plans to improve incident prevention, detection and
response.
* Leads the development and implementation of information security
technologies, policies, procedures, standards and training, in
alignment with OCIO IT/IM standards, and to minimize privacy and
security risks to assets.
* Leads the development, implementation and maintenance of
information security policies and procedures. Documents security
standards and policies.
* Reviews security of existing and proposed systems, considering new
IT security approaches, and recommends necessary enhancements and
solutions.
* Leads the negotiation and management of information technology
contracts.
* Evaluates requests for security systems changes and enhancements;
determines business feasibility, cost-effectiveness, resource
requirements and impact on current and future systems; and recommends
appropriate action.
* Monitors network usage to ensure compliance with security policies,
conducts reviews of the programs and systems to identify
non-compliance with policies and correct deficiencies; and conducts
security checks for measurement and reporting.
* Keeps up to date with developments in IT security standards and
threats, performs regular scan and penetration tests to find any flaws
and implement countermeasures.

Security Incident Prevention and Investigations

* Investigates all security breaches to determine the source, method
and damage that occurred. Reviews security event reports, access logs,
and determines if further investigation is required. Leads full review
and reporting and elevates to applicable authority as necessary.
Determines specific security needs of an investigation and
requirements to grant or withhold access to data; ensures that data is
properly preserved for presentation in court. Scope of investigation
will include employees’ access to any PII or non PII data.
* Implements corrective measures to prevent recurrence of breaches;
reviews and updates measures on an ongoing basis to ensure currency
with new and emerging threats, and continuous improvement processes.

Leadership

* Provides management and direction to professional staff and project
teams, including recruitment, training, coaching staff, performance
management, providing constructive feedback and development
opportunities, leave and expense approvals, and labor relations issues
such as discipline, termination, and responding to staff grievances.
* Provides management and direction to contractors including
recruitment, training, providing constructive feedback, and monitoring
performance.
* Educates colleagues about security software and best practices for
information security and provide security awareness training for team
and all levels of staff.
* Participates in the planning, management, and allocation of the
Operational and Security related budget.

Education and Experience:

* Bachelor’s Degree in Computer Science or a related field of study
and 8+ years of experience performing IT Security related work; 5
years of which will include hands-on experience in security tools used
to perform analysis, design, and implementation of IT security
policies to protect all software and hardware assets.
* 2+ years of experience in a leadership role.
* Preference may be given to candidates with security related
certifications or designation, and/or candidates with IT Security and
leadership experience in the public sector.
* Proficiency with Microsoft Visio, Project, Excel, SharePoint,
confluence, cyber security tools, penetration testing and other tools
to allow communications and capturing of data in a variety of formats.

Knowledge, Skills and Abilities:

Technical Knowledge:

* Solid knowledge of security appliances (e.g., firewalls, routers,
etc.) and threat and risk assessment processes; knowledge of current
risks and threats; and knowledge of identity access management.
* Advanced knowledge of network/internet security protocols and
technologies such as TLS, PKI, DNSSEC, SPF, DKIM, LDAPS, SMTPS.
* Advanced understanding of general networking security components
such as firewalls, VLANS, ACL’s, NPS, VPN, network segmentation.
* Sound knowledge and awareness of federal and provincial regulatory
requirements
* Sound knowledge of the systems development life cycle and
communication protocols as they relate to secure delivery of
application.
* Sound knowledge of and skills in using PowerShell and other
scripting languages.

Proven ability to:

* Work with security best practices, security monitoring and
detection tools while conducting scans to identify the existing and
potential threats and vulnerabilities, developing technology plans and
roadmaps to prioritize and implement counter measures.
* Lead security related projects as well as identify and evaluate
risks from a business and technological standpoint. Manage or improve
data security in systems such as SQL, Oracle, CIFS, Backups, Disaster
Recovery processes
* Work with multiple types of authentication technologies and MFA
such as Active Directory, RADIUS, WS-Federation, SAML, JWT,
certificates, smart cards.
* Adapt IT system administration processes and access to align with
the Principle of Least Privilege (PoLP) and Separation of Duties.
Audit access privileges for staff and compliance to security standards
and policies.
* Implement and manage system auditing products, and conduct forensic
analysis to identify information relevant to a security incident. Work
with technologies used to monitor for security vulnerabilities, and/or
conduct network penetration tests.
* Define organizational security policies that align with business
requirements and regulatory obligations.
* Develop and implement operational procedural changes to optimize
security in government and/or commercial environments, Develop/execute
data breach or cyber extortion containment and rectification plans.
* Create and maintain documentation suitable for both technical and
non-technical audiences.
* Work with on-premise / cloud hybrid interconnected systems and
associated security considerations.

Skills:

* Strong leadership skills with the ability to manage, coach,
motivate, and inspire professional staff, contractors, and project
teams.
* Excellent skills in establishing and maintaining effective and
collaborative working relationships with people at every level of the
organization and key stakeholders both internal and external.
* Sound judgement skills with the ability to maintain confidentiality
and exercise extreme discretion.
* Excellent interpersonal and communication skills, both verbally and
in writing, with sound ability to communicate complex ideas to
multiple stakeholders.
* Strong organizational skills and the ability to handle pressure and
work in a dynamic work environment, adapting to changing priorities
and deadlines, emerging issues, and competing demands.
* Exceptional critical thinking, analytical thinking, and
decision-making skills with the ability to analyze complex situations,
understand the organizational impact, and make sound judgement.

If you have this expertise, and are able to work in Canada, please
submit your resume. While we thank all candidates in advance for their
application, only those candidates who are shortlisted will be
contacted.