PROCOM Surrey, British Columbia
09 janv., 2020Permanent - Temps plein
We're looking for a candidate to fill this position in an exciting company. Lead and provide security subject matter expertise in the planning & implementation in the operational security elements for the organization. Participate as part of the Change Advisory Board and/or designated approver in the review of major or significant changes as it pertains to the confidentiality, integrity, and availability of the production infrastructure. Responsible for the development, configuration and monitoring of SIEM and/or other security components in the alerting, analysis, and reporting of security events. Coordinate with 3rd party security partners and vendors, including a 3rd party SOC. Follow up and regularly report on the remediation activities and progress made by the applicable ITG teams in the identified vulnerabilities and risks Regularly, as well as where material changes to the production environment occur, review and assess all IT systems and infrastructure components to provide assurance of their proper and secure configuration and operations. Perform as the CSIRT Technical Lead in order to properly analyze, contain, eradicate, and recover an information security incident, providing relevant updates to the CSIRT Manager along the way. Contribute to developing applicable and relevant metrics to measure the efficiency and effectiveness of the operation of security and of the program in order to improve and mature the security posture within the organization. Maintain knowledge and skills in order to stay current on emerging threats and issues, trends and technology solutions. Provide risk analysis in the technical aspects of applications and infrastructure to ensure adequate levels of security are deployed at the system level. Provide technical expertise, support and training to staff on security practices. Lead in the identification of potential vulnerabilities within systems, networks, DBs, applications and recommend suitable controls and countermeasures to mitigate such vulnerabilities. Review the implementation and operation of security systems and their corresponding or associated software to ensure they operate as designed. Coordinate regulatory and other audit requests with applicable ITG and business teams, as required. Perform specialized security penetration testing or vulnerability assessment testing, where and when required. Provide guidance to other IT operational teams around cyber threats and potential technical and non-technical mitigating controls. Minimum 7 - 9 Years of Job Related Experience Bachelor's Degree or a diploma requiring 3 - 4 years of full-time study Expertise and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc. Expert Working knowledge of systems and application development, system integration methodologies, IT best practices, and information security. Expert hands on and working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls with previous hands on experience. Expert knowledge and extensive experience in risk assessments and identification of control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments. Expertise and extensive experience in security and compliance audits, internal/external penetration analysis, and vulnerability research. Expertise and extensive experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and Broad based proficiency and some in-depth advanced knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies. Hands on proficiency experience with Microsoft enterprise level products and Unix/Linux based environments and technologies. Proficient through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security. Advanced to expert working knowledge and in the application of ISO 27001/2, COBIT, and ITIL. Proficiency with NIST, SABSA, TOGAF, and other industry best practices would be an asset. Proficient to advanced along with knowledge of legislation and regulations affecting information security and the financial industry, such as INTERAC, FICOM, OSFI, BC PIPA / PIPEDA, and PCI-DSS. Experience with and knowledge of INTERAC, FICOM, and Member of ISACA or part of the local information security or assurance community would be an asset. Excellent organizational skills. Ability to set and manage priorities judiciously. Excellent written and oral communication skills. Ability to present ideas in business-friendly and user-friendly language. Exceptionally self-motivated and directed. Keen attention to detail. Superior analytical, evaluative, and problem-solving abilities. Ability to motivate in a team-oriented, collaborative environment. Ability to research, recommend and implement industry best practices.