Position: Security Manager Research
Location: Ottawa, Ontario, Canada
Position Type: Permanent
Reporting to the Director, Information Security, the Information Security Manager (Research) will provide leadership and work in partnership with research groups and individuals to understand policies, assess security risk, establish strategic direction and provide direction on priorities. The incumbent will also have an advisory role and provide direct consultation to the Director, Information Security as well as the CIO and VP Research and International. The incumbent will interact with members of the community, more specifically the research community, to continually evolve and ensure compliance with the information security policies and the regulatory environment.
The Information Security Manager (Research) will serve as the subject matter expert for information security on key research security initiatives. This position requires a thorough knowledge of Information Security including access control, cryptography, security operations, communications security, system development and maintenance, computer architecture, information security management, systems security law, investigation protocols, and application program security.
The incumbent provides leadership in the analysis and assessment of the information security elements of the IT environment, provides information security advice and guidance to all stakeholders, maintains and supports all elements of the information security program including development of procedures and processes for researchers to maximize use of OneDrive for Business, securing research data on mobile devices through the deployment of Microsoft’s Enterprise Mobility Suite, managing the deployment of a portal for researchers to acquire endpoint security software, development of procedures to guide researchers in securing data on hard drives and USB devices, developing researcher-specific security guidance around the protection of research data. A key component of all work performed is in support of research initiatives. The position may require management of others.
The position is one of 7 direct reports to the Director, Information Security.
Analyzes and assesses information security elements of the IT environment – specific duties include:
- Supporting the deployment of OneDrive for Business with a specific focus on the research community
- Maturation and operation of the Vulnerability Management Program in support of mandatory compliance to PCI DSS and resolution of audit findings.
The role includes:
- Support of the vulnerability alerting service
- Performance of Vulnerability Assessments and Penetration Tests
- Reporting on Vulnerability Assessment findings and assistance with guidance on remediation of findings
- Responsible for the support and configuration of the Security Information Event Management system
- Research specific Incident investigations and responses, including reporting to management on the impact to the information systems
- Augmenting information security awareness within the research community
- Ensuring ITS commit time for service tickets that include review of and approval of firewall rule changes in support of research initiatives
- Development and maintenance of departmental processes and procedures related to research
- Planning and managing research-related information security projects (including the supervision of technical team members) to implement new technical security controls
- Perform other duties as assigned by your immediate manager
Key Must Haves:
- A minimum of a Bachelors’ Degree (B.Sc.) in computer science, information technology, information management, or a related field. Other education and direct information security experience may be considered.
- Six (6) to ten (10) years’ progressive experience in computing and security with Internet technologies and security issues.
- Must have a solid understanding of information technology and information security (e.g. firewalls, VPNs, vulnerability assessments, access control and security devices), risk analysis and risk management.
- Must also have experience with conducting information security audits and implementing recommended security controls, as well as three (1) to five (3) years of supervisory experience are preferable.
- A security-related certification such as Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or Certified Information Systems Manager (CISM), is preferred.
Other Required Skills:
- Proven experience in planning, organizing, and developing Information security and facility security system technologies.
- Experience in planning and executing security policies and standards development.
- Excellent knowledge of technology environments, including information security, building security, and defense solutions.
- Considerable knowledge of business processes, management, and production operations.
- Substantial exposure to varying hardware platforms, and enterprise software applications.
- Experience with systems design and development from business requirement analysis through to day-to-day management.
- Excellent understanding of project management principles.
- Demonstrated ability to apply IT in solving security problems.
- In-depth knowledge of applicable laws and regulations as they relate to security.
- Proven leadership ability.
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- Excellent interpersonal skills and ability to communicate clearly from the technical level to executive management.
- Strong conflict management and negotiating skills.
- Superior analytical, evaluative, and problem-solving abilities.
- Exceptional service orientation and customer focused.
As the Information Security Manager (Research) will be exposed to day-to-day operational needs, the following more specific skills are required:
- Experience with risk management concepts.
- Experience with project management principles and in the management of medium sized projects.
- Exposure to Information security infrastructure implementation.
- Substantial knowledge of Operating System security.
- Experience with Information Security Incident Response.
- Strong Network and telecommunications security.
- Strong understanding of emerging threats and countermeasures.
Experience in Business Continuity Planning/Disaster Recovery Planning