Manager Information Security

Job Overview

Job title: Manager Information Security

Job description: The Manager, Information Security (IS) is responsible for maturing and maintaining IS functions including daily operations, incident response, application security assurance, agile security practices, improving protective & defensive controls, providing security guidance from architecture through to implementation and third party risk management. The role is also accountable for collaborating with external information security intelligence bodies for proactive defense, raising Coast Capital’s IS profile, contributing to the cyber community and developing a IS talent pipeline.

What you’ll get to do:

  • Develop and maintain applicable and relevant metrics to measure the efficiency and effectiveness of the operation of IT security in order to improve and mature the security posture within the organization, along with the reporting of KPIs and KRIs
  • Develop, implement and maintain security policies, procedures, technical standards, and guidelines as it relates to the IS Coast. Ensure Secure by Design principles are followed.
  • Develop and oversee strategies to identify, detect, and prevent malicious activity. Embed security testing into Continue Deliver practices.
  • Champion for emerging technologies and techniques that further the security and scalability of Coast systems and services.
  • Responsible for Coast’s Security governance, risk reporting, security policies and procedures to manage regulatory compliance, manage information security risks and mitigate emerging cybersecurity threats.
  • Drive operational efficiency through rigorous budget oversight, improve platform ROI and contract negotiations/renewals
  • Responsible for IS operations, controls and adherence to policies, ensuring alignment to the overall risk appetite of the organization and changes to regulatory and compliance policies. Maintain key stakeholder relationships.
  • Manage, mentor, train and provide overall guidance to the operational security team. Demonstrate IS thought leadership in IS community and develop an IS talent pipeline Provide coverage as the Information Security Officer as required.
  • Work in conjunction with the other IT managers to ensure alignment between the IT security operations team and the other IT operations and services/solution teams.
  • Ensure adequate scoping and resourcing is coordinated with the Manager, Security Architecture & Information Security Risk and the Project Managers in the technical security assessments and assurance services on new system projects.
  • Perform as the CSIRT Manager for all cyber / information security incidents, as well as participate as a member of the IT emergency response team (ERT), and the corporate incident response team (IRT).
  • Ensure appropriate actions are taken by the CSIRT team in order to analyze, contain, eradicate, and recover from an information security incident, providing relevant updates along the way.
  • Ensure the proper monitoring of security events, alerting, and reporting by working with key stakeholders, other IT managers, and potentially other external organizations
  • Ensure regular technical security assessments and technical assurance services are performed and reported in a quality and consistent manner. Ensure security platforms are configured, maintained and functioning as intended.
  • Ensure regular audit/review and assessment of privileged access to key systems, devices, security control effectiveness and security maturity are performed and reported in a timely fashion.
  • Ensure that potential vulnerabilities are identified and reported to applicable IT management, along with recommendations of suitable controls and countermeasures to help mitigate.
  • Manage the relationship, service levels and deliverables of 3rd party security partners and vendors, including a 3rd party SOC.
  • Ensure all new vendors meet baseline security measures, standards & requirements to protect Coast systems, applications, employee and member data.

Who are we looking for?

  • Minimum 7-10 years of relevant experience in the management of IT, at least 3 years of experience in IT Security Operations, preferably a number of years in the management of security team, technical audit or public/private practice consulting. 5 years experience leading a team.
  • Bachelor’s Degree or a diploma requiring 3 – 4 years of full-time study.
  • Bachelor’s degree in technology preferred. Minimum 3 year diploma in Technology and experience required. One or more of Industry security certifications such as CISSP, CISM, CGEIT, CISA required. One or more of relevant SANS and/or technical vendor/industry certification preferred.
  • Advanced knowledge and experience in running an in-house security operations, hybrid, or in the management of a 3rd party SOC vendor.
  • Advanced knowledge and extensive experience in risk assessing and identifying control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
  • Advanced working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls.
  • Advanced knowledge of systems and application development, system integration methodologies, IT best practices, and information security.
  • Broad based proficiency and some in-depth knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.
  • Advanced experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.
  • Advanced experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and traffic analysis.
  • Advanced and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.
  • Proficiency through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.
  • Proficient knowledge ISO 27001/2, COBIT and ITIL.
  • Member of ISSA, ISACA or part of the local information security or assurance community would be an asset.
  • Proficiency with NIST, SABSA, TOGAF and other industry best practices an asset
  • Proficient knowledge of legislation and regulations affecting information security and the financial industry, BC PIPA / PIPEDA and PCI-DSS
  • Knowledge of INTERAC, FICOM, and/or OSFI regulations an asset
  • Demonstrated skill in team building, development and coaching.and ability to motivate in a team-oriented, collaborative environment
  • Excellent organizational skills with keen attention to detail
  • Ability to set and manage priorities judiciously
  • Excellent written and oral communication skills
  • Excellent interpersonal skills and service oriented
  • Ability to present ideas in business-friendly and user-friendly language
  • Exceptionally self-motivated and directed
  • Superior analytical, evaluative, and problem-solving abilities
  • Ability to research, recommend and implement industry best practices

At Coast Capital, we value diversity, equity and inclusion. We’re not all the same and we like it that way. We don’t just accept differences – we celebrate, support, and we thrive on them for the benefit of our employees, our members, and our community. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe, the more inclusive we are, the better our work will be.

Company: Coast Capital Savings

Expected salary:

Location: Toronto, ON – Vancouver, BC

Job date: Wed, 02 Jun 2021 06:51:46 GMT

Apply for this job

A job board that helps you to get the right job based on your skills and experience.

Contact Us

info@firstnationswork.com