Information Security Manager - 1548245

Toronto, ON

Our client in Toronto is in search of an Information Security Manager for a full-time opportunity.

The Information Security Manager will define, implement and manage the Information Security practice in all its aspects. Working with cross-functional teams, the Information Security Manager will develop, lead and manage the implementation of security policies and processes related to the handling of external and internal data, and to the systems, networks and software applications developed or utilized. Hands-on, the Information Security Manager will be competent in public cloud, data centre, and head office security strategies and technologies, and will be able to speak confidently to both corporate and engineering leadership.

 

SUMMARY OF RESPONSIBILITIES

  • Be the leader and manager accountable for information security
  • Identify security risks, develop strategies and create the information security roadmap
  • Create and communicate corporate security policies
  • Plan and manage the implementation of processes required to satisfy security policy requirements
  • Lead and manage the vulnerability management process and execute tasks as required
  • Lead and manage security projects
  • Create and implement data security policies and practices for the transfer, retention and destruction of client data
  • Create and implement policies for firewall perimeter security, public cloud security, data centre security, and office headquarters security
  • Business Continuity Planning
  • Disaster Recovery planning
  • Manage Audit compliance - CSAE 3416 SOC 1, CSAE 3416 SOC 2, ISO 27001
  • Develop strong relationships with cross-functional team members including Developers, IT staff and Clients
  • Co-operate with engineering leads on security facing aspects of software product development
  • Co-operate with infrastructure management on security aspects of the infrastructure
  • Communicate and collaborate with Clients, vendors, auditors and other third parties on information security matters

Experience & Technical Knowledge

  • Over 5 years of experience in information security
  • Experience with creation and documentation of security policies and procedures
  • Expertise in security best practices and their practical implementation in the context of the organization's goals and resources
  • Experience with project management, including planning, managing, change and risk management, and reporting to stakeholders
  • Experience with identifying organizational gaps, implementing processes and solutions required for SOC 2 and ISO compliance
  • Demonstrated ability to evaluate, install, configure and operate technical solutions supporting information security needs, for example vulnerability management, SSH key management solutions, etc.
  • Demonstrated experience with Fortinet FortiGate, including firewall rules, VPN tunnels, security policies, etc.
  • Hands-on experience with security management and security policies in the public cloud (AWS, GCP) and private cloud (VMware, Xen)
  • Experience with penetration testing and vulnerability scans, assessing issues and recommending solutions
  • Proven experience with creating business case documents in support of security projects and tools
  • Experience with creating content and managing security awareness training
  • Experience with different security solutions and with negotiating and managing vendors and security services providers
  • Ability to bring a security perspective to existing processes, including the creation of questionnaires for security reviews related to software application architecture and infrastructure 
  • Good understanding of asset management and patching
  • Experience with security automation implementation
  • Solid practical experience with PC security practices
  • Experience with software development and the SAFe methodology is an asset
  • Working knowledge of Atlassian Confluence, JIRA and office productivity software.

 

 
