Information Security Manager

Information Security Manager

Toronto,†Ontario †-†Permanent


Job Description

The Information Security Manager will define, implement and manage the Information Security practice in all its aspects. Working with cross-functional teams, the Information Security Manager will develop, lead and manage the implementation of security policies and processes related to the handling of external and internal data, and to the systems, networks and software applications developed or utilized by our team. Hands-on, the Information Security Manager will be competent in public cloud, data center, and head office security strategies and technologies, and will be able to speak confidently to both corporate and engineering leadership.

Summary of responsibilities:

● Be the leader and manager accountable for information security
● Identify security risks, develop strategies and create the information security roadmap
● Create and communicate corporate security policies
● Plan and manage the implementation of processes required to satisfy security policy requirements
● Lead and manage the vulnerability management process and execute tasks as required
● Lead and manage security projects
● Create and implement data security policies and practices for the transfer, retention and destruction of client data
● Create and implement policies for firewall perimeter security, public cloud security, data centre security, and office headquarters security
● Business Continuity Planning
● Disaster Recovery planning
● Manage Audit compliance - CSAE 3416 SOC 1, CSAE 3416 SOC 2, ISO 27001
● Develop strong relationships with cross-functional team members including Developers, IT staff and Clients
● Co-operate with engineering leads on security facing aspects of software product development
● Co-operate with infrastructure management on security aspects of our infrastructure
● Communicate and collaborate with clients, vendors, auditors and other third parties on information security matters


Must Have Skills:

● Computer Science or related undergraduate degree/diploma, or equivalent work experience.
● Over 5 years of experience in information security
● Experience with creation and documentation of security policies and procedures
● Expertise in security best practices and their practical implementation in the context of the organization goals and resources
● Experience with project management, including planning, managing, change and risk management, and reporting to stakeholders
● Experience with identifying organizational gaps, implementing processes and solutions required for SOC 2 and ISO compliance
● Demonstrated ability to evaluate, install, configure and operate technical solutions supporting information security needs, for ex. vulnerability management, SSH keys management solutions, etc.
● Demonstrated experience with Fortinet FortiGate, including firewall rules, VPN tunnels, security policies, etc.
● Hands-on experience with security management in the public cloud (AWS, GCP) and private cloud (VMware, Xen) security policies
● Experience with penetration testing and vulnerability scans, assessing issues and recommending solutions
● Proven experience with creating business case documents in support of security projects and tools
● Experience with creating content and managing security awareness training
● Experience with different security solutions and with negotiating and managing vendors and security services providers
● Ability to bring a security perspective to existing processes, including the creation of questionnaires for security reviews related to software application architecture and infrastructure
● Good understanding of asset management and patching
● Experience with security automation implementation
● Solid practical experience with PC security practices
● Experience with software development and the SAFe methodology is an asset
● Working knowledge of Atlassian Confluence, JIRA and office productivity software.

Personal Skills:

● Excellent analytical and problem-solving skills
● Enthusiastic and motivated to learn, adapt and deliver tangible results
● Ability to apply theoretical knowledge and own expertise to defining effective processes and implementing solutions in a software development and SaaS delivery context
● Ability to prioritize and work independently on multiple concurrent projects
● Excellent time management applied to own work and other team membersí tasks
● Demonstrated verbal and written communication skills, including formal documentation
● Ability to listen and understand different points of view and to negotiate win-win solutions
● Strong interpersonal skills and ability to build business relationships
● Ability to interact effectively with peers and all levels of management, including all lines of business, and with external stakeholders
● Ability to summarize data into high-level themes
● Represents us in a professional and positive manner


Details:

Starting: ASAP
Travel: 0%
Dress Code: Business Casual







Similar jobs in Toronto: