Senior Information Security Specialist, Governance and Compliance Full-time Job
Dec 9th, 2024 at 13:14 IT & Telecoms Toronto 19 views Reference: 10725Job Details
What you’ll do:
The Senior Information Security Specialist, Governance and Compliance will lead the charge in maintaining cyber security policies and standards, responding to regulator and auditor inquiries, and providing an advisory function to the business surrounding cyber security governance.
-
Provide senior level advisory services to cybersecurity, technology teams, and business team members, as required
-
Create and maintain cyber security policies and standards
-
Manage the cyber security policy exemption management processes by assessing policy exception requests, maintaining the exception workflows, and updating and keeping current the exception database
-
Respond to external inquires regarding cyber security (e.g. ESG, regulators, etc.)
-
Analyze and assess cyber security related business scenarios and prepares/presents position papers providing risk-based recommendations to assist the leadership team in making informed decisions
-
Oversee and provide guidance on the cyber security configuration compliance management program for both on prem and cloud environments
-
Oversee and provide guidance on the cyber security vulnerability, configuration & patch remediation management programs
-
Oversee and provide guidance on the Cloud security compliance management program
-
Design and perform annual reviews of configuration benchmarks for teams to follow for new and existing systems
-
Keep current with ongoing trends and changes within the cyber security community
What you bring:
-
University degree preferably in an IT related discipline
-
CISSP, and/or CISM, and/or CISA, and/or CRISC designations would be an asset
-
8-10+ years experience in information security, and/or IT Audit/Compliance, and/or external audit
-
Extensive experience with governance and risk policy review, creation, and implementation, particularly concerning Azure cloud
-
Strong understanding of IT, cloud and cyber security concepts and best practices
-
Strong technical writing skills for the creation of new security polices and controls
-
Understands cyber security risks and control frameworks including NIST CSF, CIS, COBIT 5, PCI DSS, accepted CIS benchmark, MS Azure security benchmark and ISO 270001
-
Extensive experience with Microsoft Azure Portal/Security Center to monitor and manage vulnerabilities, security policy compliance and all outstanding Microsoft recommendation
-
Understanding of Agile concepts and practices
-
Ability to communicate and influence effectively at all levels from technical staff to company leadership team
-
Proven ability to weigh business needs with information security priorities and make sound risk-based judgement calls
-
Experienced with analyzing and assessing cyber security related business scenarios, performing risk assessments, and preparing position papers outlining sound, risk-based recommendations
-
Experienced with analyzing and assessing cyber security policy exception requests and providing risk-based recommendations
-
Experience overseeing cyber security configuration compliance programs
-
Experience overseeing cyber security vulnerability & patch management programs
-
Experience overseeing Cloud security compliance management programs
-
Experience with developing security baselines based on industry accepted CIS benchmark, MS Azure security benchmark, PCI DSS benchmark, etc. and conduct regular reviews to update existing custom baselines
-
Experience with security assessment tools such as Tripwire, Nexpose, MS Defender, McAfee EPO, Kenna, etc.
-
Technical knowledge including Linux, Windows, AIX, databases, network and security appliances and firewalls/IDS/IPS, web and cloud-based applications, secure coding practices, and cloud security
-
Highly proficient with MS Office suite of products
Hybrid
We value flexibility. We have adopted a hybrid work model whereby employees use a combination of working in office and virtually in service of outcomes. Each leader is empowered to decide what work is best achieved in person based on the unique needs of their team.