Search Jobs

Manager of Security Operations (Closed)

About the Opportunity

• Supports the Manager of IT Operations and service providers to develop and implement system and security policies, standards, procedures, controls and roadmaps including incident, problem, release, change availability, capacity management, etc
• Provides advice and guidance to company stakeholders in matters pertaining to infrastructure, operations, policy compliance and security
• Manages risk profiles pertaining to infrastructure technologies and operations; and provides recommendations to mitigate risks
• Conducts the investigation of operational incidents under the direction of the COO, Manager of IT Operations, Risk Management committee and/or service partners
• Includes coordination of activities with IT, business functions and external stakeholders
• Subsequently creates lessons learned and process improvement strategy
• Participates in projects to provide subject matter expertise and advice from an infrastructure, operational and security perspective
• Acts as Company Security Officer
• Supports contract management and compliance as it relates to security
• Supports the Information Security Governance, Risk, and Compliance which include client inquiries, security contracts, risk management, and compliance management
• Specifically responsible for responding to client inquiries in relation to non-proprietary security controls and helps with vendor and customer-initiated audits and security assessments
• Provides support for all corporate audits, including gathering and discussing evidence and managing remediation responses and activities
• Provides lifecycle document management of the organization’s security policies, standards, and procedures.
• Works as a liaison with vendors, legal and purchasing department to establish mutually acceptable contracts and service-level agreements
• Maintains effective relationships with key technology vendors and industry professionals.
• Remains current and informed on all security related regulatory and compliance matters in the industry to better assess the compliance risks and exposures to the organization
• Recommends and assists with the development of appropriate information security policies, standards, procedures, checklists and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization
• Develops, manages, and consults on the technical architecture and strategies for enterprise cyber-security controls, and compliance impacts. Leads the development of cyber-security design patterns, standards, specifications, procedures and practices
• Leads and influences multi-disciplinary teams in implementing and operating cyber-security controls
• Provides cyber-security architecture and systems engineering consulting to IT and business teams
• Mentors and leads junior members of the team and participates in the development of the team's goals and objectives
• Participates in incident handling and cross-team coordination
• Investigates leading technologies in the marketplace and makes assessments regarding relevance to security related technology solutions
• Translates security and technical requirements into business requirements, and communicates security risks to different audiences ranging from business leaders to engineers
• Develops new detective and investigative capabilities using current technical solutions
• Responsible for the growth and maturation of security capabilities and functionality
• Responsible for identifying continuous security capability improvements that will help protect our computing environments
• Contributes to the development of company-wide security strategy

About You

• University degree or equivalent in Information Technology with a minimum of 7 years of information technology experience, 3 years of which in an Information Security role
• Experience and ability in exercising a senior role in the analysis of business requirements, process and policy development/enforcement with a vision and strategy for continual improvement
• Possesses a broad range of infrastructure and operational knowledge (server operations, monitoring, trouble-shooting, network routing and switching, security and access controls, messaging, database administration, storage operation, backup & recovery, data center operations, etc.) and systems development life cycle experience in multiple technological platforms
• Knowledge of ITIL and project management disciplines preferred (certifications an asset)
• Industry recognized security certifications an asset
• Experience with ISO 27001/27002 and/or NIST CIF and/or SOC II Type II is required
• Experience with PCI is an asset
• Ability to acquire, apply and maintain a body of knowledge related to the field, including  technical knowledge of: infrastructure and security solutions pertaining to Network, datacenter, IaaS, SaaS, Virtualization, Firewalls, EndPoint and network security tools and services, multi-factor authentication, PKI, MDM, Identity Management, access controls, etc.
• Experience with scripting, analysis and reporting
• Experience with incident management, vulnerability management and business awareness and education
• Directory Services (Microsoft AD)
• Cisco Intra/Internetworking
• Network Security (e.g. Cisco ASA, ACS, SSL VPN, 2FA)
• Communications Network (e.g. VoIP, Teams, Conferencing, Video)
• Wireless Infrastructure
• Internet Security Services (Web Gateway and Application layer firewalls)
• Messaging Services (MS Exchange, Archiving, Gateway Security)
• Experience with Solarwinds (SEM, NPM, SCM, Orion Platform)
• Demonstrated team leadership abilities to effectively manage cross-functional teams
• Ability to develop rapport and professional relationships with vendors and clients
• Ability to manage several high priority, short deadline projects simultaneously
• Ability to troubleshoot complex issues in a timely and effective manner
• Ability to work independently or as a collaborative team member as situations dictate
• Able to fulfill duties and be on call as required to achieve assigned duties
• Knowledgeable in both qualitative and quantitative risk assessment methodologies
• Understanding of IT/IS concepts and how to articulate those in terms of risk
• Experience with and understanding of overall GRC concepts

Salary

$130,000/year

How to Apply

Click the “Apply Now” button and follow the instructions to submit your resume. Please note that we only accept documents in MS Word or Rich Text formats. When referencing this job, quote #29743.

You must currently reside within the Greater Toronto Area and be permitted to work in Canada to be considered for this opportunity. A recruiter will be in touch with you if your profile meets our client’s requirements for this role.