Information Systems Security Officer (ISSO)
Job Overview
Job title: Information Systems Security Officer (ISSO)
Job description: Company Profiles
Weir has been in business since 1871 and our sustainability and success has been built on attracting, retaining, and developing exceptional people.
As a global company, employing around 15,000 people in over 70 countries, we reflect the diversity of our customers in the diversity of our people and ensure everyone is given the opportunity to flourish regardless of their gender, race, beliefs or background.
Weir is an inclusive and innovative organisation where you can be your authentic self. We continually develop our talent and diversity of thought to keep our business relevant, innovative and successful for the future.
Enabling our people to unleash their full potential is central to ‘We are Weir’, our vision, mission, and strategic priorities. We aim to be the most admired engineering business in our markets and we’ll achieve that ambition by being the employer of choice in our markets.
We offer a wide range of career opportunities across a variety of technical and business roles in engineering, manufacturing and service locations worldwide.
Business Need / Purpose of Role
Weir Marine Engineering (WME) currently has a challenging opportunity for an Information System Security Officer (ISSO). WME, part of Weir Canada, Inc., has a long term contract to operate and manage the Naval Engineering Test Establishment (NETE), which is a Department of National Defence (DND) facility located in Montreal (LaSalle), Quebec, and which also has operations in Ottawa/Gatineau, Halifax and Victoria. Over 350 personnel are currently employed by Weir at NETE and other DND sites, supporting the Royal Canadian Navy (RCN) and DND in a wide variety of technical areas
This permanent position is based in LaSalle, Quebec.
Objectives & Measurement – Key Responsibilities
The ISSO will help shape and enhance the security and cybersecurity posture of the IT networks at NETE.
The role of the ISSO will be to develop, implement, and maintain policies and procedures, provide technical recommendations, provide cybersecurity guidance and support to the local IT System Subject Matter Experts (SMEs), as well as provide monitoring and oversight, all in support of the goal of ensuring the compliance, certification and accreditation (C&A) of NETE IT systems and networks. The ISSO will remain independent from other NETE IT SMEs/administrators despite working closely with them on many activities.
The ISSO will be a member of Quality and Security Team within the General Manager Section and will report to the Manager, NETE Administration Support, who is also Weir Canada, Inc.’s Company Security Officer.
The Roles and Responsibilities for this position are broken down into three main areas and includes:
PROCEDURES and POLICIES
- Prepares, distributes, and maintains plans, instructions, guidance, and standard operational procedures related to Information Security (IS);
- Develops, implements, and maintains IS programs for multiple IT networks and systems;
- Develops procedures to maintain security and protect systems from security threats;
- Develops, implements, and maintains change management and incident handling policies and procedures;
- Develops and implements programs to ensure that systems, networks, and users follow IT Security policies and procedures; and
- Works with local IT system SME to ensure that best practices are incorporated into policies and procedures.
COMPLIANCE
- Drafts, tracks and follows up on Plans of Actions & Milestones (POA&M’s);
- Coordinates with local IT system SMEs for the implementation of POA&Ms and correction of deficiencies;
- Participates in external audits and inspections;
- Supports DND Security Assessment and Authorization (SA&A) process;
- Conducts IT Security risk assessments and internal audits;
- Prepares, reviews, and evaluates documentation of compliance;
- Manages IT Security compliance efforts and ensures adherence to local and DND IT Security policies and procedures;
- Reviews and approves IT Security and risk mitigation plans;
- Performs testing of IT Security plans such as Security Orders, Business Continuity Plan, Recovery Plans, etc.;
- Responds to DND identified vulnerabilities by coordinating assessments and mitigation measures with local IT systems SMEs, and compiling data for centralized reporting;
- Responds to IT Security incidents and coordinates with local IT system SMEs to ensure corrective actions are carried out;
- Interacts with various departments and individuals across the enterprise to achieve IS security objectives; and
- Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures.
TECHNICAL
- Reviews potential software, hardware, and firmware for compliance with appropriate security configuration guidelines, policies, and procedures;
- Identifies alternative functional security strategies to address organizational security concerns;
- Reviews security safeguards to determine that security concerns identified in approved policies, plans, and doctrine have been fully addressed;
- Implements effective security monitoring protocols; appropriately responds to and remediates information security threats;
- Provides leadership and concurrence in configuration control, planning, and implementation of projects for computer security and enterprise system administration;
- Serves as the primary point of contact for cybersecurity policy, guidance, and implementation;
- Assesses impact of system modifications and new technologies; and
- Provides training on IT Security policies and procedures, and general cybersecurity awareness.
Health & Safety Key Responsibilities & Requirements:
- Able to work in a manner that ensures the safety of themselves and others
- Able to demonstrate compliance to company safety procedures and legal obligations
- Recognise and report and resolve hazards identified
- Confidence and ability to intervene on practices deemed to be unsafe
- Engage and promote a zero harm culture
- Be aware of physical limitations based upon job requirements
Job Knowledge / Education and Qualifications
Education/Experience:
- Experience in developing and applying IT Security policies, processes, and standards for IS in a government organization or large enterprise;
- Experience with DND IT Security policies, processes, and regulations, including the SAAG, DWAN/CSNI Security Orders and DAOD 6000 series publications, would be an asset;
- Experience with DND, RCMP, and/or other government department SA&A processes for information systems would be an asset;
- Extensive theoretical and technical understanding of computer security, application level security, systems security, and network security;
- Recognized IT Security certifications (e.g. CISSP, CISM, CISA) would be highly desirable;
- Experience with the application of IT Security to mechanical / electrical / control systems with IP-based components or with interfaces to IP networks would be an asset;
- Experience with DND systems and networks, and/or with the Navy or marine environment, would be an asset;
- Experience working in a client environment to assist in promoting IT Security and system security engineering processes to build security into systems using information technology; and
- Recognized IT Security certifications (e.g. CISSP, CISM, CISA) would be highly desirable.
Certifications, Licenses, Registrations, Special Skills:
Eligible to obtain a Government of Canada security clearance (requires Canadian citizenship and 10 years of residence in Canada).
Occasional travel (~5%) may be required. Weir Canada, Inc. is an equal opportunity employer that offers a full range of benefits, flexible hours, a stable and challenging work environment, and the chance to become part of a dynamic and highly skilled group.
Core Competencies
To perform the job successfully, an individual should demonstrate the following competencies:
Safety and Security – Observes safety and security procedures; determines appropriate action beyond guidelines; reports potentially unsafe conditions; uses equipment and materials properly.
Analytical – Synthesizes complex or diverse information; collects and researches data; and uses intuition and experience to complement data.
Design – Translates concepts and information into drawings; uses feedback to modify designs; applies design principles; and demonstrates attention to detail.
Problem Solving – Identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; and uses reason even when dealing with emotional topics.
Interpersonal Skills – Focuses on solving conflict, not blaming; maintains confidentiality; listens to others without interrupting; keeps emotions under control; and remains open to others’ ideas and tries new things.
Teamwork – Balances team and individual responsibilities; exhibits objectivity and openness to others’ views; gives and welcomes feedback; contributes to building a positive team spirit; puts success of team above own interests; able to build morale and group commitments to goals and objectives; and supports everyone’s efforts to succeed.
Organizational Skills – Excels at time management and multitasking; and makes use of available tools to manage tasks.
Ethics – Treats people with respect; keeps commitments; inspires the trust of others; works with integrity and ethically; and upholds organizational values.
Company: Weir Group
Expected salary:
Location: LaSalle, QC
Job date: Sat, 12 Jun 2021 22:13:24 GMT